[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: defaultsearchbase

I suggest you re-read slapd.conf(5) description of this
option.  It only affects slapd(8) behavior in one particular
seach request case (empty base DN with non-baseObject search
scope).  I note that clients that are well-behaved do not
generally issue such search requests.

Though I am not familiar with this particular LDAP client
involved, I suspect it is attempting to read the value(s) of the
namingContexts attribute from the root DSE.  You can try
to read this attribute yourself using ldapsearch(1):
        ldapsearch ... -b "" -s base namingContexts
(replacing ... with appropriate options to establish the
LDAP session, authentication, etc.)

At 09:33 AM 12/23/2005, Robert Fitzpatrick wrote:
>access to *
>        by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
>        by group.exact="cn=Administrators,dc=webtent,dc=net" write
>        by self write
>        by * read
>What else could cause the default not to work?


I would guess that this is a database ACL (as opposed to a
global ACL) and that there are no global ACLs allowing this
(or other users) to read the root DSE.