[Date Prev][Date Next] [Chronological] [Thread] [Top]

Help with 2.4 ACLs

To: openldap-software@openldap.org
Subject: Help with 2.4 ACLs
From: Duncan Brannen <dbb@st-andrews.ac.uk>
Date: Tue, 19 Feb 2008 11:50:37 +0000
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

An upgrade from 2.3.38 to 2.4.7 seems to have caused my acls to stop
working in that anonymous users can no longer search the tree to find
their entry to authenticate.


With an acl of

access to dn.base="" by * read

access to dn.base="cn=Subschema" by * read

access to dn.subtree="ou=People,dc=st-andrews,dc=ac,dc=uk"
       by * read

access to *
       by users read
       by anonymous auth

All anonymous searches get insufficient access returned

Logging of ACls shows

=> slap_access_allowed: search access denied by auth(=xd)

Any thoughts on what extra I need for this to work in 2.4?

Cheers,
      Duncan

Follow-Ups:
- Re: Help with 2.4 ACLs
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: Write changed immediately to disk
Next by Date: Re: kerberos support any more?
Index(es):
- Chronological
- Thread