[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permissions required to perform OU/DN filtering?

To: quanah@symas.com
Subject: Re: Permissions required to perform OU/DN filtering?
From: Philip Colmer <philip.colmer@linaro.org>
Date: Wed, 24 Oct 2018 15:31:04 +0100
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hJ7A9HiKUrWvzPL8JfWQvuwoo/GhovSerlDUFvFz8Eo=; b=IpuC6heV8rZ2JsKzYV633KZLsu7QE8QQkqHJWZB+0hbP4Pi8jD40EyvNZ+TguGTlK3 vKHq120WLQVjGNTZJgIPaCAh++ouVjXtl0NWq4nluW3DGp35hn/WbsKT93kfERYyv0CW re+jDoxm6f832NVUWTTP2ZTFLyS15vNsdDqmc=
In-reply-to: <D1772E293E0C2E1C19D84E9D@192.168.1.39>
References: <CAKTSSThrnVZ+6ELexAOMhUgzPHGaJs=p3rdC1TL3EHEYcsvt+A@mail.gmail.com> <155dbd7d-c3f4-fe5e-601e-c2e3d14d0805@stroeder.com> <CAKTSSTi6S-HaiYDLnNOXc1RYLLvbCm3EnhCF1LYa8ovAKSBkSw@mail.gmail.com> <8426d7c7-6d23-4b5a-db23-058d3f23e0af@stroeder.com> <CAKTSSTiB5qZTm=9VStSmyt_cBjEjmkQbNLh__D0sihMwNSmXNw@mail.gmail.com> <D1772E293E0C2E1C19D84E9D@192.168.1.39>

So, in the end, it was literally the "ou" attribute that I needed to
grant read access to.

Just in case anyone else needs to do something similar in the future …

Regards

Philip

On Tue, 23 Oct 2018 at 23:05, Quanah Gibson-Mount <quanah@symas.com> wrote:
>
> Hi Philip,
>
> --On Tuesday, October 23, 2018 2:21 PM +0100 Philip Colmer
> <philip.colmer@linaro.org> wrote:
>
> > Yes, I can run slapd in debug mode but this is a production system so
> > that means scheduling a maintenance window in several weeks' time. I
> > was rather hoping to have a solution in place sooner than that thanks
> > to the kind support of this list but, if I don't have it, I'll figure
> > it out for myself.
>
> I don't know the answer off the top of my head, but I would imagine you
> could set up a test/dev server fairly quickly to figure this out?  Should
> be pretty straight forward.  If you have the cn=config database enabled,
> you could change the loglevel to ACL on the fly (just to note).
>
> Warm regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>

References:
- Permissions required to perform OU/DN filtering?
  - From: Philip Colmer <philip.colmer@linaro.org>
- Re: Permissions required to perform OU/DN filtering?
  - From: Michael Ströder <michael@stroeder.com>
- Re: Permissions required to perform OU/DN filtering?
  - From: Philip Colmer <philip.colmer@linaro.org>
- Re: Permissions required to perform OU/DN filtering?
  - From: Michael Ströder <michael@stroeder.com>
- Re: Permissions required to perform OU/DN filtering?
  - From: Philip Colmer <philip.colmer@linaro.org>

Prev by Date: ACL contextCSN
Next by Date: Re: Adding read-only consumers to a Mirror Mode Replication setup?
Index(es):
- Chronological
- Thread