Re: Some children only viewable by root user?
Maybe you need something like this in your ACL:

access to dn=""
        by * read

access to dn="cn=Subschema"
        by * read

_Ace

> I've got a very odd problem here. I've got a list of entries under
> "ou=Departments,dc=dal,dc=ca", each one being a department at our 'o'.
> Problem is, not all of them show up when doing a query like the
> following:
>
> ldapsearch -x -b 'ou=departments,dc=dal,dc=ca' -s sub '(ou=*)'
>
> However, they DO show up if I bind as the root user. They also show up if
> I do a slightly more specific search, like '(ou=N*)', or specifically set
> -b to their DN.
>
> Thinking this might be an ACL issue, I tried using this ACL, and ONLY this
> ACL:
>
> access to * by * write
>
> Still no luck.
>
> I've run slapd -d128, and the main difference seems to be that as
> anonymous, I get a lot of:
>
> access_allowed: no res from state (objectClass)
>
> ... when as rootDN I don't.
>
> Anyone know where to go from here? This is OpenLDAP 2.1.21.

--
Ace Suares' Internet Consultancy
NEW ADDRESS: Postbus 2599, 4800 CN Breda
telephone: 06-244 33 608
fax and voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl