[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL contextCSN
- To: Lirien Maxime <maxime.lirien@gmail.com>, openldap-technical@openldap.org
- Subject: Re: ACL contextCSN
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Wed, 24 Oct 2018 08:15:50 -0700
- Content-disposition: inline
- In-reply-to: <CAFkMs3MDQkcUU3XZ8X5YuciGYNoV6=7tqDXpyGVNLZqY1JeCFA@mail.gmail.com>
- References: <CAFkMs3MDQkcUU3XZ8X5YuciGYNoV6=7tqDXpyGVNLZqY1JeCFA@mail.gmail.com>
--On Wednesday, October 24, 2018 5:17 PM +0200 Lirien Maxime
<maxime.lirien@gmail.com> wrote:
# 2) userPassword accessible by all
access to * attrs=userPassword
by dn.exact="cn=Synchro,ou=Comptes Admin,dc=fr" read
by users auth
by anonymous auth
by * none
This should be just access to attrs=userPassword, no need for the *.
Similar comment for some of your other ACLs using the same format.
I would generaly advise enabling "acl" level logging to see how things are
being processed so you can determine what additional access is needed or
which rule(s) are blocking access.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>