
Re: ldapsearch not returning namingContexts



dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
this rule only allows root to access rootDSE via local socket, that is ldapi:///
that is, as root: ldapsearch -Y EXTERNAL -H ldapi:/// -b "" -s base +

[...]
thank you - that explains it.  i'm left wondering how those acls for 
frontend and config got there - i don't recall ever explicitly setting 
them.  slapd isn't listening on a local socket, which would render them 
quite useless, right?
on a related note, regarding the frontend database - reading a bit in 
the admin guide, my understanding is that the frontend database is the 
appropriate location for such acls as olcAccess: to dn.base="" by * read 
- is this correct?  i've done this, and the behavior is now as i expect, 
but just curious about typical practices.
-ben
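
The frontend ACL discussed in this thread, written out as an LDIF modification. This is an added example, not from either poster; it assumes the `{0}` rule quoted above is the only existing `olcAccess` value on the frontend entry and that the change is applied by an identity with write access to cn=config.

```ldif
# Added example (not from the thread).
# Assumption: olcDatabase={-1}frontend,cn=config currently holds only the
# {0} rule quoted above:
#   {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# That rule matches every entry. The peercred root identity gets "manage"
# and evaluation stops there; every other identity hits "by * break", which
# lets evaluation continue to the next rule. With no next rule, access is
# denied, which is why the rootDSE query returned no namingContexts.
#
# The value below is inserted at index {1}, after the existing rule, so
# root over ldapi:/// keeps manage access and all other clients are
# granted read on the rootDSE entry only (dn.base="" matches that one entry).
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to dn.base="" by * read
```

Once applied, an anonymous `ldapsearch -x -b "" -s base namingContexts` against the server's ldap:// listener should return the configured suffixes, while the `{0}` rule continues to govern access for root over ldapi:///.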