On Fri, Jan 19, 2007 at 07:16:39PM -0500, Aaron Richton wrote:
> >I get problems with access control, however, that prevent it from working.
>
> Yes...given
> >access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
> >access to * by * none

Think what you need here is:

    access to *
        by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
        by * break
    access to attrs=userPassword
        by anonymous auth
        by self write
        by * none
    access to *
        by * none

The difference is the first will give uid=slurp root-like access to
everything. The by * break says: even though you have matched *, if you have
gotten to this line, break out of this statement and continue processing.
The second one governs userPassword - give anon user the right to
authenticate - and the bottom (last) default one says everything else by
everyone else is none.

>
> >The problem is I cannot access the slave database with
> >dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".
>

Because you have no access for anonymous to auth to uid=slurp.

>
> >slave# ldapsearch -w xxxxxxx -D 'uid=slurp,ou=users,dc=xxxxxxxx,dc=xx' -b
> >'dc=xxxxxxxxx,dc=xx' -d 255
>
> Debugging on the client isn't going to be too informative here. Try "slapd
> -d acl" perhaps.
>
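A simplified Python model of the evaluation order described in the reply above (an added example, not part of the original message and not OpenLDAP code). It shows why the original two-rule ACL refuses the bind for uid=slurp and why the version with "by * break" allows it; the tuple layout, the function names and the second user DN are assumptions made for illustration.

```python
# Simplified model of slapd access-directive evaluation (illustrative only).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
SLURP = "uid=slurp,ou=users,dc=xxxxxxxx,dc=xx"   # masked DN as it appears in the thread
ALICE = "uid=alice,ou=users,dc=xxxxxxxx,dc=xx"   # constructed second user

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry_dn
    return requester == who                      # dn="..." exact match

def access(acl, requester, entry_dn, attr):
    """Return the level granted to requester for attr of entry_dn."""
    for what, by_clauses in acl:
        if what not in ("*", attr):              # <what> does not cover this attribute
            continue
        for who, level, control in by_clauses:
            if who_matches(who, requester, entry_dn):
                if control == "break":
                    break                        # leave this directive, try the next one
                return level                     # "stop" is the default control
        else:
            return "none"                        # implicit trailing "by * none"
    return "none"                                # no directive matched: deny

def can_bind(acl, dn):
    # The password check of a simple bind runs before the client has an
    # identity, so it needs at least "auth" on userPassword as anonymous.
    level = access(acl, None, dn, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("auth")

ORIGINAL = [                                     # the two rules quoted in the thread
    ("*", [(SLURP, "write", "stop")]),
    ("*", [("*", "none", "stop")]),              # never reached: rule 1 always stops
]
FIXED = [                                        # the three rules proposed in the reply
    ("*", [(SLURP, "write", "stop"), ("*", None, "break")]),
    ("userPassword", [("anonymous", "auth", "stop"),
                      ("self", "write", "stop"),
                      ("*", "none", "stop")]),
    ("*", [("*", "none", "stop")]),
]

if __name__ == "__main__":
    print("original ACL, slurp can bind:", can_bind(ORIGINAL, SLURP))
    print("fixed ACL, slurp can bind:   ", can_bind(FIXED, SLURP))
    print("fixed ACL, slurp on cn:      ", access(FIXED, SLURP, ALICE, "cn"))
```
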