Re: ACL problem in slapd.conf

[Tomasz Chmielewski <mangoo@wpkg.org>]

Jonathan Clarke wrote:

> 2) You can enable loglevel acl in your configuration file and check the 
> logs to see which rules are being used.
>
> I hope this helps. If you have further questions, don't hesitate to post 
> back here with your full set of ACLs, and information on the version of 
> slapd you're using.

I think I have it working with changing this set of ACLs:


access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by anonymous auth
    by * none 


access to *
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by * read



to this:


access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by anonymous auth
    by * none

access to dn.subtree="ou=Users,dc=example,dc=com"
    by dn="uid=Operator,ou=Users,dc=example,dc=com" write
    by * read
    by self write
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by anonymous auth
    by * none

access to dn.subtree="ou=Groups,dc=example,dc=com"
    by dn="uid=Operator,ou=Users,dc=example,dc=com" write
    by * read
    by self write
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by anonymous auth
    by * none

access to *
    by dn="uid=replica,ou=Users,dc=example,dc=com" write
    by * read


And I think I should comment out "by anonymous auth" from the two 
entries I added...


--
Tomasz Chmielewski
http://wpkg.org