[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Schema not available with restrictive ACLs

To: openldap-software@OpenLDAP.org
Subject: Re: Schema not available with restrictive ACLs
From: Turbo Fredriksson <turbo@bayour.com>
Date: 17 May 2004 06:44:02 +0200
In-reply-to: <03e401c43b8e$cb49c220$8800020a@yourqqh4336axf>
Organization: LDAP/Kerberos expert wannabe
References: <016601c439de$dca80ba0$8800020a@yourqqh4336axf> <1084573795.11445.44.camel@localhost> <02ba01c43b5f$88818ce0$8800020a@yourqqh4336axf> <1084733409.30411.25.camel@localhost> <03e401c43b8e$cb49c220$8800020a@yourqqh4336axf>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

>>>>> "adp" == adp  <dap99@i-55.com> writes:

    adp> So my question all boiled down to if there was a:
    adp> access to schema by * read

/usr/bin/ldapsearch -x -LLL -h localhost -s base -b '' 'objectClass=*' subschemaSubentry
/usr/bin/ldapsearch -x -LLL -h localhost -s base -b 'cn=Subschema' 'objectClass=*' +


This will give me the schema. But then my ACL's are ok. How
about this (as a lead):

access to dn="cn=Subschema"
        by peername="IP=127\.0\.0\.1:.*" read
        by peername="IP=192\.168\.1\.4:.*" read

References:
- Schema not available with restrictive ACLs
  - From: "adp" <dap99@i-55.com>
- Re: Schema not available with restrictive ACLs
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: Schema not available with restrictive ACLs
  - From: "adp" <dap99@i-55.com>
- Re: Schema not available with restrictive ACLs
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: Schema not available with restrictive ACLs
  - From: "adp" <dap99@i-55.com>

Prev by Date: Re: Schema not available with restrictive ACLs
Next by Date: poor performance of Openldap/Pgsql-7.4.1
Index(es):
- Chronological
- Thread