
Re: ACL Confusion



I finally figured out my problem, and am replying so this goes
into the archives. I added a monitor database last week, and had all my
ACLs globbed together at the bottom of my slapd.conf.  After analyzing the
openldap.org docs again, I saw:

"Note: If no access directives are specified, the default access control
policy, access to * by * read, allows all both authenticated and anonymous
users read access."

It struck me that my ACLs may be getting applied to my monitor
database and not the main suffix. A little mucking around and I got it to
work correctly. I apologize for the wasted bandwidth. I also want to thank
Tony for the links he emailed me earlier this week.

Thanks,
Ryan

On Thu, 20 Feb 2003 mattyml@bellsouth.net wrote:

> Hi Folks,
>
> I have been toying around a bit more with my ACLs. When I add:
>
> access to *
>     by * none
>
> and startup slapd:
>
> Starting OpenLDAP Server: bdb_initialize: Sleepycat Software: Berkeley DB
> 4.1.24: (September 13, 2002)
> bdb_db_init: Initializing BDB database
> Backend ACL: access to *
>         by * none(=n)
>
> I am still able to perform the following search:
>
> ldapsearch -x -D "" '(cn=*m*)'
>
> Everything is returned. It would look as if slapd is ignoring
> the ACLs altogether:
>
> => access_allowed: search access to "dc=test,dc=com" "cn" requested
> => access_allowed: backend default search access granted to ""
>
> Anyone know what I could be missing? I am miffed and prob doing
> something stupid :(
>
> Thanks,
> - Ryan
>
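
The cause identified in the reply above (access directives placed after a later `database` line attach to that database, leaving the main one on the default policy) can be checked mechanically. The following Python script is an added example, not part of the original thread; the sample slapd.conf and the function names are constructed for illustration.

```python
# Constructed slapd.conf with the layout described in the thread: the ACLs
# sit at the bottom of the file, below the newly added monitor database.
SAMPLE_CONF = '''\
include /etc/openldap/schema/core.schema
database bdb
suffix "dc=test,dc=com"

database monitor
# ACLs grouped together at the end of the file
access to *
    by * none
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def acl_scopes(text):
    """Map each section ('global' or 'database N (type)') to its ACLs."""
    scopes = {"global": []}
    current = "global"
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == "database" and len(words) > 1:
            current = f"database {len(scopes)} ({words[1]})"
            scopes[current] = []
        elif key == "access":
            scopes[current].append(line)
    return scopes

def databases_on_default_policy(text):
    # Assumption: access directives placed before the first database line
    # are global and cover every database, so nothing is flagged then.
    scopes = acl_scopes(text)
    if scopes["global"]:
        return []
    return [name for name, acls in scopes.items() if name != "global" and not acls]

if __name__ == "__main__":
    print(acl_scopes(SAMPLE_CONF))
    print("default policy applies to:", databases_on_default_policy(SAMPLE_CONF))
```

On the sample, the `by * none` rule is attributed to the monitor database and the bdb database holding `dc=test,dc=com` is reported as having no access directives, which matches the "backend default search access granted" line in the debug output.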