[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL contextCSN

To: Lirien Maxime <maxime.lirien@gmail.com>, openldap-technical@openldap.org
Subject: Re: ACL contextCSN
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Wed, 24 Oct 2018 08:15:50 -0700
Content-disposition: inline
In-reply-to: <CAFkMs3MDQkcUU3XZ8X5YuciGYNoV6=7tqDXpyGVNLZqY1JeCFA@mail.gmail.com>
References: <CAFkMs3MDQkcUU3XZ8X5YuciGYNoV6=7tqDXpyGVNLZqY1JeCFA@mail.gmail.com>

--On Wednesday, October 24, 2018 5:17 PM +0200 Lirien Maxime<maxime.lirien@gmail.com> wrote:

# 2) userPassword accessible by all
access to * attrs=userPassword
    by dn.exact="cn=Synchro,ou=Comptes Admin,dc=fr" read
    by users auth
    by anonymous auth
    by * none


This should be just access to attrs=userPassword, no need for the *.

Similar comment for some of your other ACLs using the same format.

I would generaly advise enabling "acl" level logging to see how things arebeing processed so you can determine what additional access is needed orwhich rule(s) are blocking access.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- ACL contextCSN
  - From: Lirien Maxime <maxime.lirien@gmail.com>

Prev by Date: Re: Adding read-only consumers to a Mirror Mode Replication setup?
Next by Date: Re: two subtrees replication
Index(es):
- Chronological
- Thread