Re: ACL OK in 2.0/2.1 not OK in 2.2
lugzug@lenin.net writes:
> I have a little test server using OpenLDAP as a NIS replacement.
>
> I've been able to use the ACLs below for quite some time with no troubles.
> When upgrading to OpenLDAP v2.2 (2.2.6-34 shipped with SUSE 9.1) I get a
> syntax error on line 13. The error message is "bad DN "()" in to DN
> clause".
>
> I've tried changing the ACL line to "access to dn.base="" by * read". That
> parses OK, but my clients are broken.
>
> On my client if I do a "ldapsearch -Z -x" I get no results back, whereas
> before with OpenLDAP v2.0/v2.1 I would see all the contents (/etc/passwd,
> and /etc/group equiv).
>
> 1 access to attr=userPassword
> 2 by self write
> 3 by anonymous auth
> 4
> 5 access to dn="uid=(.*),ou=.*,dc=com" attr=sn,givenName,homePhone
> 6 by self write
> 7 by users read
With flag -x you are initiating an anonymous bind, but your ACLs
only allow authenticated users to read. So your access rules work
properly.
-Dieter
--
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de
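
A simplified model of slapd's first-match ACL evaluation, applied to the two ACLs quoted above, showing why a request with no bind DN gets no read access. This is an added example, not part of the original thread and not slapd's own code; the entry DNs are constructed, and treating the `dn=` pattern as an unanchored regex is an assumption based on the quoted pattern.

```python
import re

# Access levels in ascending order; each level implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The two ACLs quoted in the message: (dn regex or None, attrs, by-clauses).
ACLS = [
    (None, {"userpassword"}, [("self", "write"), ("anonymous", "auth")]),
    (r"uid=(.*),ou=.*,dc=com", {"sn", "givenname", "homephone"},
     [("self", "write"), ("users", "read")]),
]

# Constructed sample DNs (not from the thread).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":          # any authenticated identity
        return bind_dn is not None
    if who == "self":           # requester is the entry itself
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return False

def granted(bind_dn, entry_dn, attr):
    """Level given by the first matching directive and its first matching by-clause."""
    for dn_re, attrs, by_clauses in ACLS:
        if dn_re and not re.search(dn_re, entry_dn, re.I):
            continue
        if attr.lower() not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"   # implicit "by * none" closes every access directive
    return "none"       # implicit "access to * by * none" closes the list

def can(bind_dn, entry_dn, attr, wanted):
    have = granted(bind_dn, entry_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for who in (None, BOB, ALICE):
        print(who or "anonymous", "-> sn:", granted(who, ALICE, "sn"))
```
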