[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RootDSE question

To: Mike Carpenter <MCarpenter@newpenn.com>
Subject: Re: RootDSE question
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sat, 16 Oct 2004 15:32:32 +0200
Cc: OpenLDAP-software@OpenLDAP.org
References: <OFB42ABC91.F73974D2-ON85256F2E.00548AA6-85256F2E.00557CB3@roadwaynextday.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Mike Carpenter wrote:

I am trying to get a LDAP Administrator program running according to their tech support I am not allowing my RootDSE to be read.
I have tried as both an "Administrator" and as the rootdn
I am using OpenLDAP 2.0.27-17 (RedHat RPM) and my security section of my conf file reads as follows..

access to attr=userPassword by self write by anonymous auth by group/organizationalRole/roleOccupant="cn=LDAPAdmins,o=company,c=us" write by * none

access to * by self write by group/organizationalRole/roleOccupant="cn=LDAPAdmins,o=company,c=us" write by users read
access to dn=""
        by * read
I believe the last statement is what should give everyone read access to the rootDSE, but as you can probably tell I am not very versed in LDAP adminstration. Any help would be greatly appreciated...

Access rules are evaluated in the order they're input, as indicated int the guide and in the man pages. As such, the second rule ("*") catches all, and the third (dn="") is never used. Reverse the order (changing the <what> clause in dn.base="") and you'll do the trick. Note that OpenLDAP 2.0 is historic ever since, and 2.1 is historic as well, so you might run into problems by running that software, so upgrade to latest 2.2 is strongly encouraged).

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- RootDSE question
  - From: Mike Carpenter <MCarpenter@newpenn.com>

Prev by Date: Re: openldap very fast on one machine, slow on another
Next by Date: Re: auth trigger
Index(es):
- Chronological
- Thread