LDAP access list
Hello
I know it's really frustrating to see the same people asking the same questions, but that's what this list is for. I have done enough reading and tailing logs after enabling 128.
But I am not getting anywhere with this.
I have the following access list on Master and Slave:
1) access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword,gecos
       by dn="cn=Manager,dc=navtechinc,dc=com" write
       by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
       by self write
       by * read
2) access to dn=".*,dc=navtechinc,dc=com"
       by dn="cn=Manager,dc=navtechinc,dc=com" write
       by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
       by self write
If I leave only number 1 active in slapd.access.conf, everything works cool: users can log in, change passwords, all that stuff works. As you can see, I want to hide certain attrs from all users, and only manager, replica and self are allowed in number 1, but my replication fails in case of number 1 being active.
But if I add the number 2 access right in slapd.access.conf, then replication works and users can do all that stuff, but when I do a search
ldapsearch -x -h hostname uid=replica
I can see all attrs for replica, even the passwords. But I want to hide the password attrs, and I want my replication stuff to still work, but I can't figure out what particular access list I need to make all this stuff work.
Any help, hints, redirections will be appreciated.
Thanks
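An added example, not part of the original post and not the OpenLDAP project's own configuration: rule 1 as posted ends in `by * read`, which grants every client read access to the password attributes. The sketch below keeps the post's DNs, attribute list and `attr=` syntax and swaps that clause for `by anonymous auth` and `by * none`; the final `by * read` on rule 2 is an assumption that the non-password data is meant to be searchable.

```conf
# slapd.access.conf (added example; DNs and attribute names copied from the post)
#
# slapd applies the first "access to" directive whose target matches the
# entry/attribute, then the first matching "by" clause inside it. Later
# directives are not consulted, so the attribute-specific rule must come
# before the general one.
#
# Keep comments above each directive: a "#" line placed between indented
# continuation lines would break the directive apart.

# Rule 1: password-bearing attributes.
# "by anonymous auth" lets slapd compare the value during a bind without
# ever returning it; "by * none" replaces the post's "by * read".
access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword,gecos
    by dn="cn=Manager,dc=navtechinc,dc=com" write
    by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
    by self write
    by anonymous auth
    by * none

# Rule 2: every other attribute under the suffix.
# Assumption: everyone else may read non-password data, hence "by * read".
access to dn=".*,dc=navtechinc,dc=com"
    by dn="cn=Manager,dc=navtechinc,dc=com" write
    by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
    by self write
    by * read
```

To check the result, repeat the post's anonymous `ldapsearch -x -h hostname uid=replica` and confirm the entry comes back without the four listed attributes, then repeat it bound as the replica DN and confirm they are present.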