[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Error 18: Solaris 10 Native LDAP-Client
Am Mittwoch 03 November 2010, 09:52:26 schrieb Benjamin Griese:
> Hello Ralf,
>
[..]
> In the meantime I set the ACL, but unfortunatly it didn't help solving
> the problem, you may take a look at my example:
>
> DN: olcDatabase={1}hdb,cn=config
> olcAccess: {0}to attrs=userPassword,shadowLastChange by
> dn="cn=ldapadm,dc=example,dc=de" write by
> dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" read by
> anonymous auth by self write by * none
> olcAccess: {1} to dn.base="" attrs=supportedControl
> val/objectIdentifierMatch=1.2.840.113556.1.4.473 by * none
> olcAccess: {2} to dn.base="" attrs=supportedControl
> val/objectIdentifierMatch=2.16.840.1.113730.3.4.9 by * none
> olcAccess: {3}to dn.base="" by * read
> olcAccess: {4}to * by dn="cn=ldapadm,dc=example,dc=de" write by * read
>
> If I remember right {4} is not opening up the access when it is
> explicitly denied in the ACLs {1} & {2}, am I right?
Yes, you are right.
> But I'm not sure if this is the right place for this kind of ACL,
> cn=config instead should be wrong too I guess.
It has to be in the global ACL, i.e. you have to add it to
olcDatabase={-1}frontend,cn=config.
> Bye, Benjamin.
[..]
Ralf
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)