Re: Some children only viewable by root user?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Maybe you need something like this in your ACL:

access to dn=""
        by * read

access to dn="cn=Subschema"
        by * read

_Ace

> I've got a very odd problem here.  I've got a list of entries under
> "ou=Departments,dc=dal,dc=ca", each one being a department at our 'o'.
> Problem is, not all of them show up when doing a query like the
> following:
>
>     ldapsearch -x -b 'ou=departments,dc=dal,dc=ca' -s sub '(ou=*)'
>
> However, they DO show up if I bind as the root user.  They also show up if
> I do a slightly more specific search, like '(ou=N*)', or specifically set
> -b to their DN.
>
> Thinking this might be an ACL issue, I tried using this ACL, and ONLY this
> ACL:
>
> 	access to * by * write
>
> Still no luck.
>
> I've run slapd -d128, and the main difference seems to be that as
> anonymous, I get a lot of:
>
> 	access_allowed: no res from state (objectClass)
>
> ... when as rootDN I don't.
>
> Anyone know where to go from here?  This is OpenLDAP 2.1.21.

- -- 
Ace Suares' Internet Consultancy
NEW ADDRESS: Postbus 2599, 4800 CN Breda
telephone: 06-244 33 608
fax and voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/zTajy7boE8xtIjURAt+aAJ9qWykX2UmdgHYYAnmsfLN7GgmRxQCfcuUm
AqvLOTKT7LueoHy7lJK6IC4=
=VeTi
-----END PGP SIGNATURE-----