acl's being ignored?
I've just started trying to use OpenLDAP, but I've been having some
issues with ACLs. In particular, OpenLDAP seems to be ignoring
what I'm trying to tell it - I've pored over the list archives and
the SLAPD Admin Guide to no avail. I'm sure I'm doing something
very obviously silly, but I can't seem to pinpoint it. I've
compiled this fresh for an essentially Red Hat 5.x Linux box.
Boiled down, my slapd.conf contains these lines:

    access to dn=".*"
        by * none

At various times it contained only the defaultaccess none line and
at other times it had some other more specific lines in it. But
no matter what I do, if I try and connect anonymously I can always

At first I had attempted to cut access to certain attrs like so:

    access to attr=mail
        by self write
        by * none

and various iterations like that, but no matter what, I could always
get everything anonymously.
Giving slapd a -d128 option, I get these lines, which seem relevant:

    ACL: access to dn=.*
    => acl_get: entry (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)
    <= acl_get: no match
    => acl_access_allowed: search access to entry "cn=Someone New5, ou=Group, o=Foo, c=US"
    => acl_access_allowed: search access to value "PERSON" by ""
    <= acl_access_allowed: granted by default (no matching to)
    => access_allowed: exit (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)

What am I doing wrong? Can I provide any other information?
Thanks for any help!
felix sheng ... email@example.com
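
An added example, not part of the original post: a small Python reader for ACL traces like the -d128 output quoted above, listing every decision where no ACL matched and access was granted by default. It recognises only the line forms shown in the post; the function names are hypothetical, and treating an empty `by ""` as an anonymous bind is an assumption.

```python
import re

# Trace lines copied from the post (slapd -d128 output).
SAMPLE_TRACE = '''\
=> acl_get: entry (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)
<= acl_get: no match
=> acl_access_allowed: search access to entry "cn=Someone New5, ou=Group, o=Foo, c=US"
=> acl_access_allowed: search access to value "PERSON" by ""
<= acl_access_allowed: granted by default (no matching to)
=> access_allowed: exit (cn=Someone New5, ou=Group, o=Foo, c=US) attr (objectclass)
'''

ACL_GET = re.compile(r'^=> acl_get: entry \((?P<dn>.*)\) attr \((?P<attr>[^)]*)\)$')
ACL_GET_RESULT = re.compile(r'^<= acl_get: (?P<result>.*)$')
REQUEST = re.compile(
    r'^=> acl_access_allowed: (?P<level>\w+) access to value "(?P<value>.*)" by "(?P<who>.*)"$')
DECISION = re.compile(r'^<= acl_access_allowed: (?P<decision>.*)$')

def parse_trace(text):
    """Return one dict per access decision found in the trace."""
    decisions, cur = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ACL_GET.match(line):
            cur = {"dn": m["dn"], "attr": m["attr"]}
        elif m := ACL_GET_RESULT.match(line):
            cur["acl_lookup"] = m["result"]
        elif m := REQUEST.match(line):
            cur["level"] = m["level"]
            # Assumption: an empty bind DN in the trace means an anonymous client.
            cur["who"] = m["who"] or "(anonymous)"
        elif m := DECISION.match(line):
            cur["decision"] = m["decision"]
            decisions.append(cur)
            cur = {}
    return decisions

def default_grants(decisions):
    """Decisions where no ACL matched and the default access applied."""
    return [d for d in decisions
            if d.get("acl_lookup") == "no match"
            and d.get("decision", "").startswith("granted by default")]

if __name__ == "__main__":
    for d in default_grants(parse_trace(SAMPLE_TRACE)):
        print(f'{d["level"]} on {d["attr"]} of "{d["dn"]}" by {d["who"]}: {d["decision"]}')
```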