
Re: ACLs Seem to Have No Effect

nick@ndmckinney.net writes:
> I am having some difficulty setting up the ACLs on my OpenLDAP server
> (2.4.8).  No matter what I change, the ACL rules I write into my
> slapd.conf file seem to have no effect at all.

Have you stopped and restarted slapd?  Only then do slapd.conf changes
take effect.

Which client command are you using, how do you expect it to behave,
and how does it actually behave?

> As well as another to try to block Anonymous binds:
> http://www.openldap.org/faq/data/cache/318.html

Hmph, that's misleading.  That doesn't block anonymous Bind, it blocks
anonymously bound (or unbound) connections from accessing the directory.
And without a userPassword acl above it, it also blocks users from
Binding :-)  See also the 'disallow' directive.

> But neither seem to have any effect at all.  My present slapd.conf
> ACLs are as follows:

No other acls?  Do they occur in a database definition or above
the database definitions?

> access to attrs=userPassword
> 	by self =xw
> 	by anonymous auth
> # allow only rootdn to read the monitor

The monitor?  Then this one is presumably below 'database monitor' in

> access to *
> 	by self write
> 	by anonymous none
> 	by users read
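
The reply's point is that the FAQ rule only denies directory access to anonymous connections, and that Bind stops working unless a userPassword rule sits above it. The following simplified Python model of first-match ACL evaluation shows this; it is an added example, not part of the original message and not OpenLDAP code. It handles only the `attrs=`/`*` targets and `self`/`anonymous`/`users`/`*` subjects that appear in the thread, and its function names are hypothetical.

```python
# Added example: simplified model of slapd.conf ACL evaluation, not OpenLDAP code.
# Assumptions: targets are "*" or "attrs=<name>"; subjects are self, anonymous,
# users or *; the entry pseudo-attribute and every other selector are ignored.
LEVELS = {"none": "", "disclose": "d", "auth": "dx", "compare": "dxc",
          "search": "dxcs", "read": "dxcsr", "write": "dxcsrw"}

def parse_acls(text):
    """Return [(target, [(who, privileges), ...]), ...] in file order."""
    acls = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:2] == ["access", "to"]:
            acls.append((words[2], []))
        elif words[:1] == ["by"] and acls:
            who, access = words[1], words[2]
            # "=xw" grants exactly those privileges; a level name implies the lower ones
            privs = access[1:] if access.startswith("=") else LEVELS[access]
            acls[-1][1].append((who, set(privs)))
    return acls

def granted(acls, attr, subject):
    """subject is 'anonymous', 'self' (bound as the entry) or 'other' (another bound DN)."""
    for target, clauses in acls:
        if target not in ("*", "attrs=" + attr):
            continue
        for who, privs in clauses:  # first matching "by" clause wins
            if who in ("*", subject) or (who == "users" and subject != "anonymous"):
                return privs
        return set()  # implicit "by * none" closes every access directive
    return set()      # implicit "access to * by * none" once any ACL is defined

def can_simple_bind(acls):
    # The connection is still anonymous while the password is being checked,
    # so Bind needs auth (x) on userPassword for "anonymous".
    return "x" in granted(acls, "userPassword", "anonymous")

# Constructed from the rules quoted in the thread.
FAQ_RULE_ONLY = """
access to *
    by self write
    by anonymous none
    by users read
"""
WITH_PASSWORD_RULE = """
access to attrs=userPassword
    by self =xw
    by anonymous auth
""" + FAQ_RULE_ONLY
```

Calling `can_simple_bind(parse_acls(FAQ_RULE_ONLY))` returns `False`, while the same call on `WITH_PASSWORD_RULE` returns `True` and anonymous connections still get no access to other attributes.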