I've recently begun to explore the config backend for OpenLDAP 2.3.7, and
am running into what appears to be an ACL issue, but I can't figure out
what I've done wrong, nor how to explore further.
What I think are pertinent snippets from my slapd.conf:

    rootdn "cn=manager,com=foo"
    database config
    defaultaccess none
    access to dn.subtree="cn=config"
        by dn.exact="cn=manager,com=foo" write
        by * read

I created my slapd.d directory:

    # mkdir -p /etc/openldap/slapd.d
    # slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    # mv /etc/openldap/slapd.conf /etc/openldap/slapd.conf.test
    # chown -R ldap:ldap /etc/openldap/slapd.d/

slapd.d does seem to be fully populated, and slapd was successfully
restarted. But, when I attempt to search this database:

    # ldapsearch -x -LLL -D cn=manager,com=foo -w foobar \
        -b cn=config > /var/tmp/ldif.out
    Insufficient access (50)

Does anyone see anything obviously wrong here? I had several
databases with identical ACLs, which I can search, so I know I have
my credentials right.
Running the server and ldapsearch with '-d -1' doesn't reveal
anything like UNIX permission errors.
Alas, I could not find a manpage for slapd.d, nor slapd-config, so
I'm running blind, here...
I'd appreciate any feedback you folks can provide.
--
Brian Reichert <reichert@numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large