[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL OK in 2.0/2.1 not OK in 2.2

lugzug@lenin.net writes:

> I have a little test server using OpenLDAP as a NIS replacment.
> I've been able to use the ACLs below for quite some time with no troubles.
> When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
> syntax error on line 13.  The error message is "bad DN "()" in to DN
> clause".
> I've tried changing the ACL line to "access to dn.base="" by * read". That
> parses OK, but my clients are broken.
> On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
> before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
> and /etc/group equiv).
>  1 access to attr=userPassword
>  2         by self write
>  3         by anonymous auth
>  4
>  5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
>  6         by self write
>  7         by users read

With flag -x your are initiating an anonymous bind, but your acl's
only allow authenticated users to read. So your access rules work


Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521