I thought about putting it in a simpler way. OpenLDAP 2.4.23 with translucent proxy. I'm able to add/remove/modify attributes locally using the rootdn defined in the server configuration. I'm NOT able to browse or perform searches using those same credentials. I always get 0 entries. I am however able to perform searches and browse the tree if I bind anonymously or if I bind with one of the LDAP user accounts.
Is this behaviour to be expected? Is there any way to use a single pair of credentials and be able to add/delete/modify/browse/search?
The database definition is as follows:

--- snip ---
database hdb
suffix "dc=example,dc=com"
rootdn cn=loadmin,dc=example,dc=com
rootpw secret
directory "/var/lib/ldap"
lastmod on

access to attrs=userPassword,sambaNTPassword,krb5Key
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by dn.exact="cn=reader,dc=example,dc=com" read
    by self read
    by anonymous auth
    by * none

access to *
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by * read

index sambaSID,sambaPrimaryGroupSID eq

overlay translucent
uri "ldap://ldapbackend.example.com"
acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret"
translucent_strict
translucent_remote objectClass
translucent_local sambaSID,sambaPrimaryGroupSID,sambaAcctFlags

overlay glue
--- snip ---
Best Regards,
Hugo Monteiro.
--
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Web : http://hmonteiro.net
Divisão de Informática, Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa
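As an added example that is not part of Hugo's post, the following Python model shows how slapd evaluates the two access directives in the configuration above (first matching "access to" clause, then first matching "by" clause, deny when nothing matches, rootdn exempt), so you can check what each identity actually gets before blaming the ACLs. It assumes identities are plain DN strings, with None standing for an anonymous bind.

```python
# Added example, not from the original post: a minimal model of how slapd
# evaluates "access to" directives, applied to the two clauses in the config
# above. slapd uses the FIRST "access to" clause whose target matches, then
# the FIRST matching "by" clause, and denies when no "by" clause matches.
# The rootdn bypasses access directives entirely. Assumption: identities are
# plain DN strings, with None standing for an anonymous bind.

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ROOTDN = "cn=loadmin,dc=example,dc=com"

# (target attrs or "*", [(subject, level), ...]) transcribed from the post
ACLS = [
    ({"userpassword", "sambantpassword", "krb5key"}, [
        ("dn:cn=admin,dc=example,dc=com", "write"),
        ("dn:cn=loadmin,dc=example,dc=com", "write"),
        ("dn:cn=reader,dc=example,dc=com", "read"),
        ("self", "read"),
        ("anonymous", "auth"),
        ("*", "none"),
    ]),
    ("*", [
        ("dn:cn=admin,dc=example,dc=com", "write"),
        ("dn:cn=loadmin,dc=example,dc=com", "write"),
        ("*", "read"),
    ]),
]


def subject_matches(subject, bind_dn, entry_dn):
    """Mirror the 'by' forms used in the post: dn.exact, self, anonymous, *."""
    if subject == "*":
        return True
    if subject == "anonymous":
        return bind_dn is None
    if subject == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return bind_dn is not None and subject[3:].lower() == bind_dn.lower()


def access_level(bind_dn, entry_dn, attr):
    """Access 'bind_dn' (None = anonymous) gets to 'attr' on 'entry_dn'."""
    if bind_dn is not None and bind_dn.lower() == ROOTDN.lower():
        return "write"  # rootdn is never subject to access directives
    for target, by_clauses in ACLS:
        if target != "*" and attr.lower() not in target:
            continue
        for subject, level in by_clauses:
            if subject_matches(subject, bind_dn, entry_dn):
                return level
        return "none"  # clause matched but no "by" subject did: denied
    return "none"
```

Note that this models the local ACLs only; the translucent overlay's remote search is governed by the acl-bind identity and the backend's own ACLs, which this script does not see.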