
ACL filter not working



I'm having a problem with access control lists in slapd.conf. The filter doesn't seem to be working in OpenLDAP 2.4.23 using syntax that worked in 2.3.43. I've simplified my tests down to a single ACL rule just to see if it's working, and this is what I'm finding:

I'm trying this ACL:

access to dn.subtree="ou=users,dc=companyname,dc=com" filter="(objectClass=person)"
        by * read

I tried an anonymous search using this command:

ldapsearch -h 1.2.3.4 -x -b ou=users,dc=companyname,dc=com

And it returned the following:

# search result
search: 2
result: 32 No such object

I tried the same with the same ACL as above with the filter set to "(uid=*)", and got the same problem (note that all users have a uid value set). However, I tried with the filter set to "(objectClass=*)", and it returned all users as I would expect.

Has anything changed with ACL syntax between OpenLDAP 2.3 and 2.4? Or do you see any problems with the syntax of my ACL line above?

Thanks.

Darren