[Date Prev][Date Next]
I suggest you re-read slapd.conf(5) description of this
option. It only affects slapd(8) behavior in one particular
seach request case (empty base DN with non-baseObject search
scope). I note that clients that are well-behaved do not
generally issue such search requests.
Though I am not familiar with this particular LDAP client
involved, I suspect it is attempting to read the value(s) of the
namingContexts attribute from the root DSE. You can try
to read this attribute yourself using ldapsearch(1):
ldapsearch ... -b "" -s base namingContexts
(replacing ... with appropriate options to establish the
LDAP session, authentication, etc.)
At 09:33 AM 12/23/2005, Robert Fitzpatrick wrote:
>access to *
> by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
> by group.exact="cn=Administrators,dc=webtent,dc=net" write
> by self write
> by * read
>What else could cause the default not to work?
I would guess that this is a database ACL (as opposed to a
global ACL) and that there are no global ACLs allowing this
(or other users) to read the root DSE.