
ACL settings and searches



I have what should be a simple problem, but I can't seem to find out what's wrong. I had everything set up and working fine: ldapsearch returned correct data and Roaming access was working.

I attempted to enable login authentication via LDAP and now I can't perform an ldapsearch without the -D [DN] -W. I'm including below two examples and the access entries from slapd.conf.

I thought the problem was with the access settings, but removing all of them and retrying my search had no effect. Running ldapsearch in debug didn't produce any errors or useful data that I could see, and the same goes for running the server in debug mode.

Any help would be greatly appreciated.

## Example 1

ldapsearch -x -b 'dc=oiccam, dc=com' uid=ktrant -H ldap://ldaptest.oiccam.com:389/
version: 2

#
# filter: uid=ktrant
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

## Example 2
The following command will return results:

ldapsearch -x -b 'dc=oiccam, dc=com' uid=ktrant -H ldap://crusher.oiccam.com:389/ -W -D 'cn=root,dc=oiccam,dc=com'
Enter LDAP Password: XXXXXX

version: 2

#
# filter: uid=ktrant
# requesting: ALL
#

# ktrant,People,dc=oiccam,dc=com
dn: uid=ktrant,ou=People,dc=oiccam,dc=com
uid: ktrant
mail: ktrant@oiccam.com
mailLocalAddress: ktrant@oiccam.com
mailRoutingAddress: ktrant@mail.oiccam.com
mailHost: mail.oiccam.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
shadowLastChange: 11768
shadowMax: 99999
shadowWarning: 7
krbName: ktrant@OICCAM.COM
loginShell: /bin/tcsh
uidNumber: 7298
gidNumber: 501
homeDirectory: /home/ktrant
cn: Kenneth A. Trant Jr
gecos: Kenneth A. Trant Jr
givenName: Kenneth
userPassword:: XXXXXXXXXXXXXXXXXXXXXX
sn: Trant
telephoneNumber:


## Slapd.conf access rules.

access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=root, dc=oiccam, dc=com" write
        by * none
access to attr=mail
        by self write
        by dn=".*, dc=oiccam, dc=com" read
        by * search
access to dn=".*,ou=Roaming,dc=oiccam,dc=com"
        by dn="cn=root, dc=oiccam, dc=com" write
        by dnattr=owner write
access to dn=".*,ou=People,dc=oiccam,dc=com"
        by dn="cn=root, dc=oiccam, dc=com" write
        by anonymous auth
        by dnattr=owner write
access to *
        by self write
        by dn=".*, dc=oiccam, dc=com" read
        by dn=".*, dc=oiccam, dc=com" search
        by dn="cn=root, dc=oiccam, dc=com" write
        by anonymous auth
        by * none
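The following is an added worked example, not code from the post or from OpenLDAP: a small Python model of how slapd walks the access directives above, used to show why the anonymous search in Example 1 comes back empty while the cn=root search in Example 2 does not. It applies the rules documented in slapd.conf(5): directives are tried in order and only the first whose `access to` part matches the entry and attribute is consulted; within it the first matching `by` clause decides, and an unmatched directive (or no directive at all) denies access; the levels are none < auth < compare < search < read < write and each implies the ones below it. For the uid=ktrant entry and the uid attribute the first matching directive is the `ou=People` one, whose only clause for an anonymous requester grants `auth`, which is below the `search` needed to evaluate the filter, so the entry is never matched and slapd answers "Success" with zero entries. The model assumes DN normalisation drops case and blanks around commas, that a dn=<regex> pattern must match the whole normalised DN, that the filter attribute needs `search` and each returned attribute needs `read`; the entry values are copied from Example 2 with a placeholder password, and the "fixed" rule set is a suggested correction, not something from the post. One caveat the comparison glosses over: Example 1 is sent to ldaptest.oiccam.com and Example 2 to crusher.oiccam.com, so the model assumes both names reach this slapd.

```python
import re

# Access levels from slapd.conf(5), lowest to highest; each implies those below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def rank(level):
    return LEVELS.index(level)


def norm(dn):
    """Normalise a DN for comparison (assumption: lowercase, no blanks around commas)."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


class Rule:
    """One `access to <what> by <who> <level> ...` directive.

    dn_regex / attr form the <what> part (both None means `access to *`);
    by is the ordered list of (who, level) clauses.
    """

    def __init__(self, dn_regex=None, attr=None, by=()):
        # Assumption: a dn=<regex> pattern has to match the whole normalised DN.
        self.dn_regex = re.compile(norm(dn_regex) + r"\Z") if dn_regex else None
        self.attr = attr.lower() if attr else None
        self.by = list(by)

    def applies_to(self, target_dn, attr):
        if self.dn_regex and not self.dn_regex.match(norm(target_dn)):
            return False
        if self.attr and attr.lower() != self.attr:
            return False
        return True


def who_matches(who, bind_dn, target_dn, entry):
    """Evaluate one <who> clause; bind_dn is None for an anonymous (-x without -D) request."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if bind_dn is None:
        return False  # every remaining clause needs an authenticated identity
    if who == "self":
        return norm(bind_dn) == norm(target_dn)
    if who.startswith("dn="):
        return re.fullmatch(norm(who[3:]), norm(bind_dn)) is not None
    if who.startswith("dnattr="):
        # dnattr=<attr>: the bind DN is one of the target entry's <attr> values.
        owners = {norm(v) for v in entry.get(who[len("dnattr="):], [])}
        return norm(bind_dn) in owners
    raise ValueError("unsupported <who> clause: " + who)


def access_level(rules, bind_dn, target_dn, attr, entry):
    """First directive whose <what> matches is the only one consulted; inside it
    the first matching <by> clause wins.  No match anywhere means `none`."""
    for rule in rules:
        if rule.applies_to(target_dn, attr):
            for who, level in rule.by:
                if who_matches(who, bind_dn, target_dn, entry):
                    return level
            return "none"  # implicit trailing `by * none`
    return "none"


def search_entry(rules, bind_dn, target_dn, entry, filter_attr):
    """Model of `ldapsearch -b ... <filter_attr>=<value>` hitting one entry.

    Returns None when the entry cannot be matched (slapd reports Success with no
    entries, as in Example 1), otherwise the attributes the requester may read.
    """
    if rank(access_level(rules, bind_dn, target_dn, filter_attr, entry)) < rank("search"):
        return None
    return {a: v for a, v in entry.items()
            if rank(access_level(rules, bind_dn, target_dn, a, entry)) >= rank("read")}


ROOT = "cn=root, dc=oiccam, dc=com"
KTRANT_DN = "uid=ktrant,ou=People,dc=oiccam,dc=com"
# Constructed from the Example 2 output; the password value is a placeholder.
KTRANT = {"uid": ["ktrant"], "cn": ["Kenneth A. Trant Jr"], "mail": ["ktrant@oiccam.com"],
          "uidNumber": ["7298"], "userPassword": ["{SSHA}placeholder"]}

ROOT_WRITE = ("dn=cn=root, dc=oiccam, dc=com", "write")
ANY_LOCAL = "dn=.*, dc=oiccam, dc=com"

# The access directives from the post, in the same order.
POSTED_RULES = [
    Rule(attr="userPassword", by=[("self", "write"), ("anonymous", "auth"), ROOT_WRITE, ("*", "none")]),
    Rule(attr="mail", by=[("self", "write"), (ANY_LOCAL, "read"), ("*", "search")]),
    Rule(dn_regex=".*,ou=Roaming,dc=oiccam,dc=com", by=[ROOT_WRITE, ("dnattr=owner", "write")]),
    Rule(dn_regex=".*,ou=People,dc=oiccam,dc=com",
         by=[ROOT_WRITE, ("anonymous", "auth"), ("dnattr=owner", "write")]),
    Rule(by=[("self", "write"), (ANY_LOCAL, "read"), (ANY_LOCAL, "search"),
             ROOT_WRITE, ("anonymous", "auth"), ("*", "none")]),
]

# Suggested correction: the ou=People directive ends with `by * read`.  `read`
# implies `auth`, so `by anonymous auth` is dropped; left in front of `by * read`
# it would match first and keep anonymous pinned at `auth`.
FIXED_RULES = list(POSTED_RULES)
FIXED_RULES[3] = Rule(dn_regex=".*,ou=People,dc=oiccam,dc=com",
                      by=[ROOT_WRITE, ("dnattr=owner", "write"), ("*", "read")])

if __name__ == "__main__":
    print("anonymous, posted ACLs:", search_entry(POSTED_RULES, None, KTRANT_DN, KTRANT, "uid"))
    print("cn=root,   posted ACLs:", sorted(search_entry(POSTED_RULES, ROOT, KTRANT_DN, KTRANT, "uid")))
    print("anonymous, fixed ACLs: ", sorted(search_entry(FIXED_RULES, None, KTRANT_DN, KTRANT, "uid")))
```

With the posted directives the anonymous search yields None, the cn=root search yields every attribute (the `attr=userPassword` and `attr=mail` directives both carry a clause for that DN), and with the corrected ou=People directive an anonymous search returns the entry minus userPassword (anonymous gets only `auth` there) and minus mail (the `attr=mail` directive gives anonymous `search`, enough to filter on but not to read). The same first-match rule explains the dead clause in `access to *`: `by dn=".*, dc=oiccam, dc=com" search` can never fire because the identical `read` clause above it matches first.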