On Sun, Jan 21, 2007 at 07:59:40PM +0100, Andrea Venturoli wrote:
> Aaron Richton wrote:
> >>I get problems with access control, however, that prevent it from
> >>working.
> >
> >Yes...given
> >>access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
> >>access to * by * none
> >
> >>The problem is I cannot access the slave database with
> >>dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".
> >because you have no access for anonymous to auth to uid=slurp.
>
> Ok, but I can't seem to get out of this, even after reading the docs again!
>
> Now I tried:
>
> >access to * by dn="uid=slurp,ou=users,dc=biolchim,dc=in" write
> >access to * by * auth
> >#access to * by * none

That will not work either. The way the ACL works is it starts at the top and
works down. When the slave system tries to log in, it will try to authenticate
against the master server with your provided credentials. It will try to
authenticate against the userPassword record. When it evals it, it matches the
first line (access to *), but you only have 1 by clause associated with it and
that belongs to uid=slurp. It will never eval to the 2nd access line 'cause it
was satisfied with line 1.

Add before your first access:

access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

> but this won't improve my situation a bit.
> What should I write here?
>
> >
> >Debugging on the client isn't going to be too informative here. Try
> >"slapd -d acl" perhaps.
>
> Tried that too, but I get info on successful binds and nothing when I try
> with user slurp.
>
>
> bye & Thanks
> av.
>
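Added example (not part of the original message and not OpenLDAP code): a small Python model of the evaluation order described in the reply above, where the first matching "access to" directive is the only one consulted and a requester matching none of its by clauses gets the implicit "by * none". The ALICE entry and all function names are constructed; only the `*`, `attrs=`, `dn=`, `self` and `anonymous` selectors are modelled.

```python
# Added example: simplified model of slapd's ACL evaluation order.
# Not OpenLDAP code; regex/group/filter selectors are deliberately left out.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
SLURP = "uid=slurp,ou=users,dc=xxxxxxxx,dc=xx"   # redacted DN from the thread
ALICE = "uid=alice,ou=users,dc=xxxxxxxx,dc=xx"   # constructed sample entry

def what_matches(what, attr):
    """'*' matches everything; 'attrs=a,b' matches the listed attributes."""
    if what == "*":
        return True
    return what.startswith("attrs=") and attr in what[len("attrs="):].split(",")

def who_matches(who, requester, target):
    """requester is a DN string, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == target.lower()
    if who.startswith("dn="):
        return requester is not None and requester.lower() == who[3:].strip('"').lower()
    return False

def access(acl, requester, target, attr):
    """Return the level granted on target's attr, following slapd's order."""
    for what, by_clauses in acl:
        if not what_matches(what, attr):
            continue                      # try the next 'access to' directive
        for who, level in by_clauses:     # first matching <who> wins
            if who_matches(who, requester, target):
                return level
        return "none"                     # implicit 'by * none'; no fall-through
    return "none"                         # no directive matched at all

def can_bind(acl, target):
    """A simple bind needs anonymous 'auth' access to the target's userPassword."""
    granted = access(acl, None, target, "userPassword")
    return LEVELS.index(granted) >= LEVELS.index("auth")

SLURP_WRITE = ("*", [(f'dn="{SLURP}"', "write")])
ORIGINAL = [SLURP_WRITE, ("*", [("*", "none")])]
SECOND_TRY = [SLURP_WRITE, ("*", [("*", "auth")])]
FIXED = [("attrs=userPassword",
          [("self", "write"), ("anonymous", "auth"), ("*", "none")])] + SECOND_TRY

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("second try", SECOND_TRY), ("fixed", FIXED)]:
        print(f"{name:10} slurp can bind: {can_bind(acl, SLURP)}")
```

In this model the suggested rule also leaves uid=slurp with "none" on other entries' userPassword, since it is neither self nor anonymous there; a by clause for that DN in the userPassword rule would be needed if it has to write passwords.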