
Re: Error 18: Solaris 10 Native LDAP-Client



On Wednesday 03 November 2010, 09:52:26 Benjamin Griese wrote:
> Hello Ralf,
> 
[..]
> In the meantime I set the ACL, but unfortunately it didn't help solving
> the problem, you may take a look at my example:
> 
> DN: olcDatabase={1}hdb,cn=config
> olcAccess: {0}to attrs=userPassword,shadowLastChange by
> dn="cn=ldapadm,dc=example,dc=de" write by
> dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" read by
> anonymous auth by self write by * none
> olcAccess: {1} to dn.base="" attrs=supportedControl
> val/objectIdentifierMatch=1.2.840.113556.1.4.473 by * none
> olcAccess: {2} to dn.base="" attrs=supportedControl
> val/objectIdentifierMatch=2.16.840.1.113730.3.4.9 by * none
> olcAccess: {3}to dn.base="" by * read
> olcAccess: {4}to * by dn="cn=ldapadm,dc=example,dc=de" write by * read
> 
> If I remember right {4} is not opening up the access when it is
> explicitly denied in the ACLs {1} & {2}, am I right?
Yes, you are right.

> But I'm not sure if this is the right place for this kind of ACL,
> cn=config instead should be wrong too I guess.
It has to be in the global ACL, i.e. you have to add it to
olcDatabase={-1}frontend,cn=config.

> Bye, Benjamin.
[..]

Ralf
-- 
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
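
The change described in the reply above, written as an LDIF modification. This is an added example, not part of the original message. It assumes the frontend database has no olcAccess values yet, so the three rules are stored in the order given; the ACL strings themselves are the ones quoted in the thread.

```ldif
# Added example: place the supportedControl rules in the global (frontend)
# ACL instead of olcDatabase={1}hdb,cn=config.
# Assumption: applied by a cn=config administrator, for instance with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f frontend-acl.ldif
# (the file name frontend-acl.ldif is hypothetical).
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
# Hide the two controls from the root DSE, as in rules {1} and {2} of the thread.
olcAccess: to dn.base="" attrs=supportedControl val/objectIdentifierMatch=1.2.840.113556.1.4.473 by * none
olcAccess: to dn.base="" attrs=supportedControl val/objectIdentifierMatch=2.16.840.1.113730.3.4.9 by * none
# Keep the rest of the root DSE readable. Once any ACL is defined, entries
# that match no rule fall through to an implicit "by * none".
olcAccess: to dn.base="" by * read
```

Rules are evaluated in order and the first match wins, so the two `by * none` rules have to come before the general `dn.base=""` read rule.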