
Re: Object not found

--On Wednesday, August 28, 2013 8:12 AM -0500 espeake@oreillyauto.com wrote:

I have a user name readonly that we use in our applications to get uids.
This has worked in the past with our old LDAP solution.  We have moved to
2.4.31 on Ubuntu 12.04 with an n-way multi-master setup.

The slapcat output for this database looks like this.

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=oreillyauto,dc=com
olcAccess: {0}to attrs=userPassword by anonymous auth by * none
olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
 s/uniqueMember="cn=System Administrators,ou=Groups,dc=oreillyauto,dc=com"
 te by group/groupOfUniqueNames/uniqueMember="cn=LDAP
 lyauto,dc=com" write by * none break
olcAccess: {2}to attrs=userPassword by
 cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous auth
 by self write


You need to spend some time reading the manual pages and admin guide on access rules for slapd.

It is immediately obvious that rule {2} will never evaluate because of rule {0}. Those shouldn't even be separate rule lines, they should be a single rule. I haven't looked further because that was so blatant, I'm guessing you have any number of other issues in your access lines.



Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
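The point Quanah makes rests on how slapd evaluates olcAccess: the first "to" clause matching the target attribute is the only one consulted, and within it "by" clauses are tried in order until one matches (a trailing "by * none" without the "break" keyword ends evaluation). Because rule {0} already matches userPassword and ends with "by * none", rule {2} is dead. The following LDIF is an added example, not from the thread or from OpenLDAP's documentation: it removes rules {2} and {0} by index (the cn=config ordered-value syntax) and inserts one consolidated userPassword rule at position {0}. The group DN "cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" is taken from the quoted config; the group/groupOfUniqueNames/uniqueMember form of the "by" clause is an assumption borrowed from rule {1}, since rule {2} is truncated in the archive.

```ldif
# Added example (not the poster's config): merge the two userPassword
# rules into one, ordered so that the most specific grantees come first
# and the terminating "by * none" comes last.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
# drop the unreachable rule {2} first so the index of {0} is unchanged
delete: olcAccess
olcAccess: {2}
-
# drop the original {0}; the subtree rule that was {1} becomes {0}
delete: olcAccess
olcAccess: {0}
-
# insert the consolidated rule at position {0}, pushing the subtree
# rule back to {1}. The group-clause form is assumed from rule {1}.
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write
  by self write
  by anonymous auth
  by * none
```

After applying it with ldapmodify against cn=config, the effective access for a given bind identity can be checked offline with slapacl, for example `slapacl -F /etc/ldap/slapd.d -D "<readonly bind DN>" -b "<some user DN>" userPassword/auth`, where both DNs are placeholders for values the thread does not give; the tool prints which "by" clause granted or denied the access, which is the quickest way to confirm a rule is actually being reached.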