back-ldap with an anonymous ACL not working
Hello,
I have an OpenLDAP 2.2.26 running as a proxy with an `ldap' backend
configured. Everything works fine when attempting an authenticated bind,
but I cannot get the backend to deliver a simple attribute type (cn,usercertificate)
to me upon anonymous bind.
| database ldap
| uri "ldap://backendserver1/ ldap://backendserver2/"
| binddn "cn=Proxy-Agent,dc=example,dc=com"
| bindpw "secret"
| suffixmassage "ou=People,o=NEW" "ou=People,dc=example,dc=com"
| suffix "ou=People,o=NEW"
| map attribute "display-name" "displayname"
| map attribute uid *
| map attribute cn *
| map attribute mail *
| map attribute usercertificate;binary *
| map attribute *
| map objectclass person *
| map objectclass inetorgperson *
| map objectclass *
|
| access to dn.base="" by * read
| access to dn.base="cn=Subschema" by * read
|
| access to attrs=userpassword
| by anonymous auth
|
|--- start problem
| access to dn.subtree="ou=People,O=NEW" attrs=cn,usercertificate
| by anonymous read
| by users read
|--- end problem
|
| access to *
| by users read
| by anonymous auth
|
Could somebody kindly help me with what is probably a trivial
issue? I want anonymous binds to be able to retrieve the
binary userCertificate when they search for `mail=user@example.com'.
Thanks & regards,
-JP