
Re: Possible ACL Issue while try to read Root DSE





On 28.11.2011 21:48, Quanah Gibson-Mount wrote:
> --On Monday, November 28, 2011 9:34 PM +0100 Axel Birndt
> <towerlexa@gmx.de> wrote:
>
>> But if I use ldapsearch with the following command I got nothing:
>>
>> ldapsearch -b "" -s base 'objectclass=*'
>>
>> ldap_sasl_interactive_bind_s: No such object (32)

> It is clearly failing with anonymous binds. So yes, this would be an ACL
> issue. I would suggest you peruse your ACLs and fix accordingly.

OK, thanks. Of course I will fix my ACLs, but at the moment it's not clear to me how I have to change my ACLs.

Here are my ACLs for the

olcDatabase={1}hdb,cn=config
-----------------------------------

olcAccess
(5 values)

{0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=2axelscompany,
dc=ro" write by anonymous auth by self write by * none
{1}to dn.base="" by * read
{2}to dn.base="cn=subschema" by * read
{3}to dn.base="cn=schema,cn=config" by * read
{4}to * by dn="cn=admin,dc=2axels-company,dc=de" write by * read

Could you please double-check my ACLs?

I've added the entries {2} and {3} after the hint to make the schema and subschema readable for all, but I'm afraid I made a mistake.

Otherwise I set up my OpenLDAP server with the following guide:

http://wiki.ubuntuusers.de/OpenLDAP

--


Regards, Axel
