[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL Confusion

I finally figured out my problem, and am replying so this goes
into the archives. I added a monitor database last week, and had all my
ACLs globbed together at the bottom of my slapd.conf.  After analyzing the
openldap.org docs again, I saw:

"Note: If no access directives are specified, the default access control
policy, access to * by * read, allows all both authenticated and anonymous
users read access."

It struck me that my ACLs may be getting applied to my monitor
database and not the main suffix. A little mucking around and I got it to
work correctly. I apologize for the wasted bandwidth. I also want to thank
Tony for the links he emailed me earlier this week.


On Thu, 20 Feb 2003 mattyml@bellsouth.net wrote:

> Hi Folks,
> I have been toying around a bit more with my ACLs. When I add:
> access to *
>     by * none
> and startup slapd:
> Starting OpenLDAP Server: bdb_initialize: Sleepycat Software: Berkeley DB
> 4.1.24: (September 13, 2002)
> bdb_db_init: Initializing BDB database
> Backend ACL: access to *
>         by * none(=n)
> I am still able to perform the following search:
> ldapsearch -x -D "" '(cn=*m*)'
> Everything is returned. It would look as if slapd is ignoring
> the ACls altogether:
> => access_allowed: search access to "dc=test,dc=com" "cn" requested
> => access_allowed: backend default search access granted to ""
> Anyone know that I could be missing? I am miffed and prob doing
> something stupid :(
> Thanks,
> - Ryan