
Re: ldapsearch returns one entry



Stephen Walton wrote:

> Quanah Gibson-Mount wrote:
>
>> Well, I will note that there were changes to some of the settings in
>> slapd.conf between 2.1 and 2.2 and also there were changes to how
>> ACLs were formed
>
> Thanks for the hint. I went to "OpenLDAP Everywhere Revisited" in the July 2005 Linux Journal and copied the access controls from there:
>
> access to attrs=userPassword
>      by dn="cn=Manager,dc=foo,dc=com" write
>      by self write
>      by anonymous auth
>      by * none
> # All other attributes are readable to everybody
> access to *
>      by self write
>      by dn="cn=Manager,dc=foo,dc=com" write
>      by * read
>
> and all is now well. The key thing seems to be that one needs an
> explicit "access to * by * read" at OpenLDAP 2.2. Thanks again for the
> quick help!


As clearly stated nearly everywhere in OpenLDAP documentation (man pages, admin guide, FAQ, example slapd.conf that ships with the code) those ACLs are exactly equivalent to

access to attrs=userPassword
     by self write
     by anonymous auth
access to *
     by self write
     by * read

The rest is redundant, source of confusion and introduces unnecessary performance penalties.

p.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
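An added example, not code from the thread: a small Python model of slapd's first-match ACL evaluation, used to compare the two ACL sets quoted above. It assumes cn=Manager,dc=foo,dc=com is the configured rootdn (which slapd exempts from access control) and models only the levels the thread uses; it also shows that without a catch-all `access to *` directive, the implicit final `access to * by * none` denies everything not explicitly covered, including the `entry` pseudo-attribute needed to return an entry at all.

```python
# Model of slapd access-directive evaluation (added example, not slapd code).
# Assumptions: cn=Manager,dc=foo,dc=com is the rootdn (bypasses ACLs); only the
# levels used in the thread are modelled (none < auth < read < write).
LEVELS = {"none": 0, "auth": 1, "read": 2, "write": 3}
ROOTDN = "cn=Manager,dc=foo,dc=com"   # assumed to be the configured rootdn

# Each directive: (attribute it covers or "*", ordered list of (who, level)).
VERBOSE_ACLS = [
    ("userPassword", [("dn:" + ROOTDN, "write"), ("self", "write"),
                      ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("dn:" + ROOTDN, "write"), ("*", "read")]),
]
MINIMAL_ACLS = [
    ("userPassword", [("self", "write"), ("anonymous", "auth")]),
    ("*", [("self", "write"), ("*", "read")]),
]
# Same as MINIMAL_ACLS but without the catch-all 'access to *' directive.
PASSWORD_ONLY = MINIMAL_ACLS[:1]

def who_matches(who, binddn, target_dn):
    """Does a 'by <who>' clause apply to this bind DN on this entry?"""
    if who == "*":
        return True
    if who == "anonymous":
        return binddn is None
    if who == "self":
        return binddn is not None and binddn == target_dn
    return who.startswith("dn:") and binddn == who[3:]

def access_level(acls, binddn, target_dn, attr):
    """Level slapd grants: first directive covering attr wins, then its first
    matching 'by' clause; unmatched clauses fall to the implicit 'by * none',
    and a missing directive to the implicit final 'access to * by * none'."""
    if binddn == ROOTDN:          # rootdn is never subject to access control
        return "write"
    for what, clauses in acls:
        if what in ("*", attr):
            for who, level in clauses:
                if who_matches(who, binddn, target_dn):
                    return level
            return "none"
    return "none"

def same_decisions(acls_a, acls_b):
    """True when both ACL sets grant identical levels in every modelled case."""
    entry = "uid=alice,ou=people,dc=foo,dc=com"
    binds = [None, entry, "uid=bob,ou=people,dc=foo,dc=com", ROOTDN]
    return all(access_level(acls_a, b, entry, a) == access_level(acls_b, b, entry, a)
               for b in binds for a in ("userPassword", "mail", "entry"))
```

`same_decisions(VERBOSE_ACLS, MINIMAL_ACLS)` returns True, while `access_level(PASSWORD_ONLY, None, ..., "entry")` returns "none", which is why an anonymous search finds nothing without the catch-all directive.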