[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rootdn and ACI

To: "Saket Sathe" <saket@cc.iitb.ac.in>
Subject: Re: rootdn and ACI
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 30 Mar 2005 18:31:04 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <424AADB7.7000709@cc.iitb.ac.in>
References: <424A9A34.9080404@cc.iitb.ac.in> <33640.131.175.154.56.1112188790.squirrel@131.175.154.56> <424AADB7.7000709@cc.iitb.ac.in>
User-agent: SquirrelMail/1.4.3a-1

> I have an ACL like:
> access to
> dn.regex="uid=[^,]+,ou=[^,]+,ou=([^,]+),ou=People,dc=iitb,dc=ac,dc=in$"
> attrs=mailHost
>     by ... *other requesters (part omitted to maintain clarity)*
>     by anonymous    auth
>     by users        read
>
> Now if I bind using rootdn, I am not able to read the 'mailHost'
> attribute. My rootdn is cn=Manager,dc=iitb,dc=ac,dc=in.
> I am using OL 2.2.24. Shall I post all my ACLs ?

Honestly, I don't know how it could help, since access is not checked for
the rootdn.  I suggest you check:
1) if the data you expect to see is actually there (slapcat?)
2) if you're actually having a successful bind as rootdn (ldapwhoami?)
3) if it's an ACL problem (does it work without any ACL?)

Also, try looking at the server's output with loglevel set to 128 (ACL).

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- rootdn and ACI
  - From: Saket Sathe <saket@cc.iitb.ac.in>
- Re: rootdn and ACI
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: rootdn and ACI
  - From: Saket Sathe <saket@cc.iitb.ac.in>

Prev by Date: Re: ber_get_next on fd 12 failed errno=
Next by Date: Re: ber_get_next on fd 12 failed errno=
Index(es):
- Chronological
- Thread