[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLs for the root DSE

How do I write an ACL that matches only the root DSE?  What I'm after is
to grant access to the attributes such as supportedSASLMechanisms and
namingContexts.  Without it, e.g. ldapsearch can't negotiate a SASL
mechanism because until it's bound it has no access to the mechanisms
list.  (I've denied unauthenticated access to everything, and now I want
an exception for these attributes.)

(In case it helps, this is what could be happening when the sample SASL
client and server work, but ldapsearch fails in ldap_sasl_bind_s if you
omit -Y but works if you provide '-Y asupportedmechanism'.)

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Make a good day.