Re: Problem after migration openldap 2.3.43 to 2.4.23 --> 32 No Such Object




On 27-02-14 17:49, Quanah Gibson-Mount wrote:
--On Thursday, February 27, 2014 4:19 PM +0100 Jonas Kellens <jonas.kellens@telenet.be> wrote:

Hello,

I have a working openLDAP server version 2.3.43. My configuration there
works : the correct users have the correct access.

I have set up a new openLDAP-server with newer version 2.3.43.

I have no working openLDAP on version 2.3.43.

I have tried with the new syntax and with the command /usr/sbin/slaptest
-f /etc/openldap/slapd.conf -v to use the built-in conversion tool, but I
always got: ldap_bind: Invalid credentials (49)

So I forgot this conversion and continued with the "old" slapd.conf file.

But in this configuration (which is just a copy/paste of my openLDAP
2.3.43) no user can query the LDAP entries.


So this is the setup :

I have a user : cn=U101001,ou=101001,dc=mydomain
 This user is member of the group :
cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain
 These members can read entries in the tree :
ou=tbook1,ou=contacten,ou=101001,dc=mydomain

I have in slapd.conf :

access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
         by group.exact="cn=admins,ou=101001,dc=mydomain" write
         by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read

So why does my user cn=U101001,ou=101001,dc=mydomain fail to get results?

Likely the 2.3 acl set needs adjusting for 2.4.

I would also note it appears you're using the utterly broken packages provided by RH. I'd strongly advise you to get sane, safe packages, such as those provided by Symas or the LTB project.

--Quanah

Hello,

what kind of adjustments are needed then ?

access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
         by group.exact="cn=admins,ou=101001,dc=mydomain" write
         by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read


What in the above ACL statement is incorrect?


Kind regards,
Jonas.