I have multiple access rules in slapd.conf, but some do not seem to work
Consider this example:
--- slapd.conf ---
access to *
  by anonymous auth

access to *
  by self write

access to *
  by users read 
--- slapd.conf ---

You might expect this to allow any user to log in and, once logged in, to read everything and change his own data. In fact only the login works, and an ldapsearch returns no data. The problem is that slapd goes through its access rules in order and stops at the first one whose <what> part (here: "to *") matches. Within that rule an authenticated user does not match "by anonymous", so the implicit trailing "by * none" applies, and the second and third rules are never evaluated.

To get what we wanted the file has to read:

--- slapd.conf ---
access to *
  by anonymous auth
  by self write
  by users read 
--- slapd.conf ---

The general rule is: "special access rules first, generic access rules last"


jradmacher@gmx.de
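
The evaluation order described above, as an added example that is not part of the original FAQ answer and is not OpenLDAP code. It is a simplified Python model that evaluates both configurations from this page; the function names and the DNs are constructed, and only "access to *" with the <who> values anonymous, self, users and * is handled.

```python
# Simplified model of slapd's ACL evaluation order; handles only "access to *".
BROKEN = """
access to *
  by anonymous auth

access to *
  by self write

access to *
  by users read
"""
FIXED = """
access to *
  by anonymous auth
  by self write
  by users read
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in configuration order."""
    tokens, rules, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i:i + 3] == ["access", "to", "*"]:
            rules.append(("*", []))
        elif tokens[i] == "by" and rules and i + 2 < len(tokens):
            rules[-1][1].append((tokens[i + 1], tokens[i + 2]))
        else:
            raise ValueError(f"unsupported directive near {tokens[i]!r}")
        i += 3
    return rules

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous connection; DNs compared as plain strings."""
    return {"*": True,
            "anonymous": bound_dn is None,
            "users": bound_dn is not None,
            "self": bound_dn is not None and bound_dn == entry_dn}[who]

def access_level(rules, bound_dn, entry_dn):
    _, clauses = rules[0]            # "to *" matches every entry, so evaluation stops here
    for who, level in clauses:       # first matching <who> clause wins
        if who_matches(who, bound_dn, entry_dn):
            return level
    return "none"                    # implicit "by * none"; later rules are never reached

if __name__ == "__main__":
    alice = "uid=alice,dc=example,dc=com"  # constructed DN
    for conf in (BROKEN, FIXED):
        print([access_level(parse_acl(conf), b, alice) for b in (None, alice)])
```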
This document is: http://www.openldap.org/faq/index.cgi?file=1375
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org