[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd access control problems

To: Andrea Venturoli <ml@netfence.it>, openldap-software@openldap.org
Subject: Re: slurpd access control problems
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Fri, 19 Jan 2007 16:11:10 -0800
Content-disposition: inline
In-reply-to: <45B14573.3010404@netfence.it>
References: <45B14573.3010404@netfence.it>

--On Friday, January 19, 2007 11:25 PM +0100 Andrea Venturoli <ml@netfence.it> wrote:

Hello.
I guess this must be a FAQ, but I tried searching for a whole day and
didn't came up with any answer.

I've got two FreeBSD servers running openldap 2.3.32 in a master/slave
configuration. I'm using slurpd to keep them in sync: I tried this with
the rootdn as the slurp binddn and from a network perspective it works.
Now, I obviously don't want to use rootdn for this, so I created a new
user and I'm using simple authentication (on an SSL layer).

I get problems with access control, however, that prevent it from working.


What I did:


I created this user:

dn: uid=slurpd,ou=users,dc=xxxxxxxx,dc=xx

access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
The problem is I cannot access the slave database with
dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".

What I get is:

slave# ldapsearch -w xxxxxxx -D 'uid=slurp,ou=users,dc=xxxxxxxx,dc=xx' -b
What am I doing wrong?

The user you created (uid=slurpd) is not the DN you gave access to (uid=slurp), assuming that isn't a typo and is a direct cut & paste.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: slurpd access control problems
  - From: Andrea Venturoli <ml@netfence.it>

References:
- slurpd access control problems
  - From: Andrea Venturoli <ml@netfence.it>

Prev by Date: slurpd access control problems
Next by Date: Re: slurpd access control problems
Index(es):
- Chronological
- Thread