[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problems with access directive

As the subject line eludes to I am having difficulty with the access
directive. Bottom line is this, if I place any access directive into
my slapd.conf file I can no longer browse the directory. For example
the following directive causes me to no longer see the attributes of
the base DN or anything else for that matter.

access to dn.subtree="dc=ca,dc=myrealdomain,dc=com" attrs=userPassword
        by self write
        by anonymous auth
	by * none

Here is the output from the logfile starting from right after I made
the change, restarted the service and attached to the LDAP service

slapd[20313]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002) 
slapd[20313]: bdb_db_init: Initializing BDB database 
slapd[20314]: slapd starting 
slapd[20314]: => access_allowed: search access to "" "objectClass" requested 
slapd[20314]: => acl_get: [1] check attr objectClass 
slapd[20314]: <= acl_get: [1] acl  attr: objectClass 
slapd[20314]: => acl_mask: access to entry "", attr "objectClass" requested 
slapd[20314]: => acl_mask: to all values by "", (=n)  
slapd[20314]: <= check a_dn_pat: self 
slapd[20314]: <= check a_dn_pat: users 
slapd[20314]: <= check a_dn_pat: anonymous 
slapd[20314]: <= acl_mask: [3] applying auth(=x) (stop) 
slapd[20314]: <= acl_mask: [3] mask: auth(=x) 
slapd[20314]: => access_allowed: search access denied by auth(=x) 

OS is RedHat ver. 9
OpenLDAP is ver. 2.1.22

This is a very vanilla install, there is no TLS, SASL or other 
obvious factors that are complicating this matter. Thanks in advance
for any help.

Timothy R. Robnett

"Tricks and treachery are the practice of fools, that don't have 
brains enough to be honest."
--Benjamin Franklin