
Have problems with the ACL control -- NEED FAST HELP



hi

I have a big problem with the ACL controls.

I have this slapd.conf:
# This is the main slapd configuration file
# the second time I try this stuff
# I always have problems with the ACL controls
# using the page "www.bayour.com/LDAPv3-HOWTO.html" as example

# Schema and objectClass definitions
include         /home/olli/slapd/config/schemas/slapd.at.conf
include         /home/olli/slapd/config/schemas/slapd.oc.conf

# leaving this out because I always have problems with the syntax of the
# schema files
#include                /home/olli/slapd/config/schemas/core.schema
#include                /home/olli/slapd/config/schemas/cosine.schema
#include                /home/olli/slapd/config/schemas/inetorgperson.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses
schemacheck     on

# Where the pid file is put. The init.d script 
# will not stop the server if you change this
pidfile         /home/olli/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /home/olli/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        -1 

#############################################
# ldbm database definition
#############################################

# the backend type, ldbm is the default standard
database        ldbm

# The base of your directory
suffix          "o=example,dc=de"

# The rootdn and the password in plaintext
rootdn          dn="uid=admin,o=example,dc=de"
rootpw          nothing

# The base of the directory
directory       /home/olli/slapd/db

# Save the time the entry gets modified
lastmod         on

# Indexes
index           default pres,eq
index           objectclass,uid,uidnumber,gidnumber,cn
index           mail,mailalternateaddress,mailforwardingaddress eq

# Include the access list
include         /home/olli/slapd/config/slapd.access

# End of the config file



And this is my slapd.access

# you should place all ACLs here

access to *
       by dn="uid=admin,o=example,dc=de" write
       by self write
       by * write

defaultaccess write


I can start the server without any problems, but when I try to connect for an
ldapsearch I always get the failure message:

select activity on 1 descriptors
new connection on 7
fd=7 connection from localhost (10.20.1.43) denied.
listening for connections on 6, activity on:
before select active_threads 0

What is wrong with the ACL options I have set???



Oliver Roeschke
Integra GmbH
ITC Offenbach