[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems in OpenLDAP 2.4.11

John Du wrote:
> I fixed the two problems.
> Problem one was fixed by adding an "access to dn.subtree="cn=SubSchema
> by * read".

This should be sufficient since the subschema subentry is a single entry:

access to dn.base="cn=Subschema" by * read

> I thought the root DN is not subject any access control rules but that
> does not seem to be the case.

Indeed no ACLs are applied when effectively binding as rootdn. What
makes you think that this is not the case.

>  I do not understand why I have to add the
> index for the new server but not for the old one.

The problem is if you added an index directive to slapd.conf but did not
re-index slapd looks into the index database file and the old entries
are not there yet. So the entry is not returned as search result. This
might make you think that access control prevents the entry from being

Also be sure that all the database files have the right
ownership/permissions when manually re-indexing them.

Ciao, Michael.