
Solution to getent-Problem based on Turbo's LDAPv3 HOWTO



The problem was that getent does not return LDAP users. My system (see the configuration in my previous posting) required the following part in /etc/ldap/slapd.access (an include file for /etc/ldap/slapd.conf):


# Some things should be editable by the owner, and viewable by anyone...
access to attr=cn,givenName,sn,krbName,krb5PrincipalName,gecos
        by dn="cn=admin,dc=office-b,dc=jamba,dc=net" write
        by dn="uid=ldapadm.+\+realm=OFFICE-B.JAMBA.NET" write
        by self write
        by * read

The interesting aspect is that the last line is "by users read" in some publications. On my system I had to grant read rights to anybody. I hope that I do not open the LDAP directory too much in theory (the firewall does not allow LDAP external access). Starting slapd with debugging options returned

=> access_allowed: read access denied by =n
acl: access to attribute gecos not allowed

on the console...

I hope that this sheds some light on other problems I have to solve too.


Regards,

Andreas Heilwagen
Team Lead, Quality Assurance, System Support and Test (QST)
Jamba! AG Pfuelstrasse 5 10997 Berlin
Tel.: +49-30-69538-134 Mobile: +49-173-3218114 Fax: +49-30-69538-599
http://www.jamba.de, http://wap.jamba.de
GPG/PGP Public Key @ http://www.keyserver.net
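
Added example (not part of the original message, and not OpenLDAP's own code): a simplified model of how slapd walks the "by" clauses of the ACL above, first match wins, showing why the last line decides what an unauthenticated client can read. It assumes the lookup behind getent reaches slapd without binding as a user; the entry DN is constructed.

```python
import re

# "by" clauses of the ACL from the post, in file order.
ACL_FROM_POST = r'''
by dn="cn=admin,dc=office-b,dc=jamba,dc=net" write
by dn="uid=ldapadm.+\+realm=OFFICE-B.JAMBA.NET" write
by self write
by * read
'''
# Variant with the last line as given in "some publications".
ACL_USERS_ONLY = ACL_FROM_POST.replace("by * read", "by users read")

def parse(acl_text):
    """Return [(who, level), ...] in file order."""
    return [tuple(line.split()[1:3]) for line in acl_text.strip().splitlines()]

def matches(who, bind_dn, entry_dn):
    """Simplified <who> matching; bind_dn is None for an anonymous client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:            # users, self and dn= all need a bound identity
        return False
    if who == "users":
        return True
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn="):      # treated as a regex, as the ldapadm line implies
        return re.fullmatch(who[3:].strip('"'), bind_dn, re.I) is not None
    raise ValueError(f"unsupported <who>: {who}")

def effective_access(acl_text, bind_dn, entry_dn):
    """First matching clause wins; no match falls through to 'none'."""
    for who, level in parse(acl_text):
        if matches(who, bind_dn, entry_dn):
            return level
    return "none"

if __name__ == "__main__":
    entry = "uid=jdoe,ou=People,dc=office-b,dc=jamba,dc=net"  # constructed DN
    # Assumption: the lookup behind getent is not authenticated (bind_dn=None).
    for name, acl in (("by * read", ACL_FROM_POST), ("by users read", ACL_USERS_ONLY)):
        print(name, "-> anonymous:", effective_access(acl, None, entry),
              "| self:", effective_access(acl, entry, entry))
```

With "by users read" the anonymous client matches no clause and ends at "none", which corresponds to the "read access denied" line in the debug output; every authenticated identity keeps the same access under both variants.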