[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cannot access entries



Why not adjust your logLevel to include ACL processing, its usually very informative.
On Jul 4, 2011, at 1:23 PM, Friedrich Locke wrote:

> This is for learning purposes, the password will not be that one on a
> production system.
> ypldap access is just before any other more restrictive.
> 
> My questions still remains: how may i have a listing of entry directly
> below (one level only) a given base ?
> Searching with a filter is interest too. But i am being prevented.
> Does anybody here know how it could be done given my access rules on
> the prior email ?
> 
> Thanks once more.
> 
> 
> On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
>> The ypldap access should be before the one that limits more - the more restrictive one will match first.
>> 
>> If that account is intended as you main 'root'-ish account, it should probably be granted access to all right off the bat.
>> 
>> Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb).
>> 
>> - chris
>> 
>> Chris Jacobs, Systems Administrator, Technology Services Group
>> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
>> 2001 6th Ave | Ste 3200 | Seattle, WA 98121
>> phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
>> email:  chris.jacobs@apollogrp.edu
>> 
>> ----- Original Message -----
>> From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
>> To: openldap-technical@openldap.org <openldap-technical@openldap.org>
>> Sent: Mon Jul 04 11:19:45 2011
>> Subject: cannot access entries
>> 
>> Hi list members,
>> 
>> i am trying to configure accesses to my ldap server, but i am doing
>> some wrong i am not aware about. The access list is below:
>> 
>> access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword
>>        by self read
>>        by anonymous auth
>>        by * none
>> 
>> access to dn.one="ou=appsrv,dc=ufv,dc=br"
>>        by self read
>>        by * none
>> 
>> access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword
>>        by self read
>>        by anonymous auth
>>        by * none
>> 
>> access to dn.one="ou=people,dc=ufv,dc=br"
>>        by self read
>>        by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>        by * none
>> 
>> access to dn.one="ou=group,dc=ufv,dc=br"
>>        by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>        by * none
>> 
>> 
>> =======================================
>> 
>> The command i am executing and its output is below
>> 
>> sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D
>> cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=people,dc=ufv,dc=br> with scope oneLevel
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>> 
>> # search result
>> search: 2
>> result: 32 No such object
>> 
>> # numResponses: 1
>> sioux@gustav$
>> 
>> Why am i not getting a list of entries below ou=people,dc=ufv,dc=br ?
>> 
>> Thanks in advance.
>> 
>> 
>> 
>> This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
>> 
>> 
>> 
>