[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACLs

To: Bill Bradford <mrbill@mrbill.net>, openldap-technical@openldap.org
Subject: Re: Problem with ACLs
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 31 Aug 2018 08:23:37 -0700
Content-disposition: inline
In-reply-to: <20180830191722.GW12349@mrbill.net>
References: <20180830191722.GW12349@mrbill.net>

--On Thursday, August 30, 2018 3:17 PM -0500 Bill Bradford<mrbill@mrbill.net> wrote:

Trying to give a single user "read only" access to everything in
the database including userPassword info.

Here's the LDIF file I'm using w/ldapmodify:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn="cn=Manager,dc=domain,dc=com" write


This should also be dn.exact

  by dn.exact="uid=romanager,ou=Users,dc=domain,dc=com" read


Are you sure this is the DN returned by ldapwhoami?

Past that, I'd suggest you test with slapacl and potentially ACL leveldebugging.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: Problem with ACLs
  - From: Bill Bradford <mrbill@mrbill.net>

References:
- Problem with ACLs
  - From: Bill Bradford <mrbill@mrbill.net>

Prev by Date: RE: Problem with ACLs
Next by Date: Re: empty reqmod attribute
Index(es):
- Chronological
- Thread