Quanah Gibson-Mount wrote:
> Well, I will note that there were changes to some of the settings in
> slapd.conf between 2.1 and 2.2 and also there were changes to how
> ACLs were formed

Thanks for the hint. I went to "OpenLDAP Everywhere Revisited" in the
July 2005 Linux Journal and copied the access controls from there:

access to attrs=userPassword
        by dn="cn=Manager,dc=foo,dc=com" write
        by self write
        by anonymous auth
        by * none

# All other attributes are readable to everybody
access to *
        by self write
        by dn="cn=Manager,dc=foo,dc=com" write
        by * read

and all is now well. The key thing seems to be that one needs an
explicit "access to * by * read" at OpenLDAP 2.2. Thanks again for the
quick help!
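
Added example, not part of the original message or of OpenLDAP: a simplified Python model of slapd's documented first-match ACL evaluation, applied to the two rules quoted above. It shows that once any access directive is present, an attribute no rule covers falls through to an implicit deny, which is why the catch-all rule matters. The sample DN `uid=alice,...`, the function names and the lowercase DN comparison are assumptions made for illustration.

```python
# Simplified model of slapd.conf ACL evaluation (added example; names are constructed).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=foo,dc=com"
ALICE = "uid=alice,ou=People,dc=foo,dc=com"  # constructed sample entry

# Each rule: (target attribute or "*", ordered "by <who> <level>" clauses).
PASSWORD_RULE = ("userPassword", [(MANAGER, "write"), ("self", "write"),
                                  ("anonymous", "auth"), ("*", "none")])
CATCH_ALL_RULE = ("*", [("self", "write"), (MANAGER, "write"), ("*", "read")])


def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == entry_dn.lower()
    return requester is not None and requester.lower() == who.lower()


def access_level(acl, requester, entry_dn, attr):
    """Return the level granted by the first matching rule and clause."""
    if not acl:
        return "read"  # no access directives at all: default policy is read
    for target, clauses in acl:
        if target != "*" and target.lower() != attr.lower():
            continue
        for who, level in clauses:
            if who_matches(who, requester, entry_dn):
                return level
        return "none"  # implicit "by * none" closing every rule
    return "none"  # implicit "access to * by * none" closing the list


def allows(acl, requester, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    granted = access_level(acl, requester, entry_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(wanted)


if __name__ == "__main__":
    for name, acl in [("password rule only", [PASSWORD_RULE]),
                      ("both rules", [PASSWORD_RULE, CATCH_ALL_RULE])]:
        for attr in ("cn", "userPassword"):
            print(name, attr, "anonymous ->", access_level(acl, None, ALICE, attr))
```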