
Re: Help with 2.4 ACLs



Duncan Brannen wrote:

> I've cut most of my rules out to try and get something
> basic to show the problem I'm having.  Anonymous users,
> e.g. the web server trying to match a uid to a dn, can't search the
> ou=People branch to get the entry which I'd thought the dn.subtree
> on ou=People would allow via the by * read line?
> 
> With the full acls (which have the attrs=userpassword line) I can
> authenticate and search fine but not search as an anonymous user
> which I could with 2.3.38, I'm now trying 2.4.7.

Search needs the privileges described in the OPERATION REQUIREMENTS
section of slapd.access(5).  You need to make sure anonymous has enough
privileges, which it apparently doesn't.  Not sure what's the difference in
this area between 2.3 and 2.4; I think the main differences were between
2.2 and 2.3.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
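
An illustration of the OPERATION REQUIREMENTS checks referred to in the reply above, added here and not part of the original message or the poster's configuration: a slapd.conf fragment that gives anonymous just enough access for a uid lookup under ou=People while keeping password hashes unreadable. The suffix dc=example,dc=com, the filter attribute uid and the returned attribute cn are assumptions.

```conf
# Constructed slapd.conf fragment; dc=example,dc=com is a placeholder suffix.
# Rules are evaluated in order: the first matching <what> is used, and every
# by-list ends in an implicit "by * none".

# 1. Password hashes: anonymous may bind against them but never read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. The search base itself. slapd.access(5) notes that 2.4 requires
#    search (=s) on the "entry" pseudo-attribute of the searchBase.
#    Only needed when clients search from the suffix rather than ou=People.
access to dn.base="dc=example,dc=com" attrs=entry
    by * search

# 3. Candidate entries: search (=s) on each attribute named in the filter
#    (uid here), then read (=r) on "entry" and on each attribute returned.
#    "read" includes "search", so one level covers both checks.
access to dn.subtree="ou=People,dc=example,dc=com" attrs=entry,uid,cn
    by * read

# 4. All other attributes under ou=People stay closed to anonymous.
access to dn.subtree="ou=People,dc=example,dc=com"
    by self read
    by users read
    by * none
```

slapacl(8) can evaluate rules like these for a given DN and attribute, which helps confirm what anonymous is actually granted before the configuration goes live.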