
Re: Possible ACL Issue while try to read Root DSE



--On Monday, November 28, 2011 10:07 PM +0100 Axel Birndt <towerlexa@gmx.de> wrote:



On 28.11.2011 21:48, Quanah Gibson-Mount wrote:
 > --On Monday, November 28, 2011 9:34 PM +0100 Axel Birndt
 > <towerlexa@gmx.de> wrote:
 >
 >> But if i use ldapsearch with the following command i got nothing:
 >>
 >> ldapsearch -b "" -s base 'objectclass=*'
 >>
 >> ldap_sasl_interactive_bind_s: No such object (32)

 > It is clearly failing with anonymous binds. So yes, this would be an ACL
 > issue. I would suggest you peruse your ACLs and fix accordingly.

OK, thanks. Of course I will fix my ACLs, but at the moment it's not clear
to me how I have to change my ACLs.

Here are my acls for the

olcDatabase={1}hdb,cn=config
-----------------------------------

olcAccess
(5 values)

{0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=2axelscompany,dc=ro" write by anonymous auth by self write by * none
{1}to dn.base="" by * read
{2}to dn.base="cn=subschema" by * read
{3}to dn.base="cn=schema,cn=config" by * read
{4}to * by dn="cn=admin,dc=2axels-company,dc=de" write by * read

Could you please double-check my ACLs?

I've added the entries {2} and {3} after the hint to make the schema and
subschema readable for all, but I'm afraid I made a mistake.

These apply to your olcDatabase={1}hdb,cn=config database. They do not apply to your frontend database, which is where the rootDSE is stored, and its ACLs. You may want to look at the ACLs in olcDatabase={-1}frontend.ldif.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
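
A checker for the point made in the reply above, added here as an example and not part of the original thread: it scans a `slapcat -n 0` style export for rules targeting the rootDSE (`dn.base=""`) and reports whether one sits in `olcDatabase={-1}frontend` or only in a backend database. The LDIF excerpt, the frontend rule {0} and the function names are constructed for illustration.

```python
import re

# Constructed `slapcat -n 0` excerpt (sample values); line 2 of rule {0} is LDIF-folded.
BEFORE = """\
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break

dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read
"""
# Constructed fix: the rootDSE rule is added to the frontend database.
AFTER = BEFORE.replace('break\n', 'break\nolcAccess: {1}to dn.base="" by * read\n', 1)

ROOTDSE = re.compile(r'^(\{\d+\})?to\s+dn\.(base|exact)=""\s')  # exact is an alias of base
BY = re.compile(r'\bby\s+(\S+)\s+(\w+)')   # simplified: <who> must not contain spaces

def entries(ldif):
    """Yield (dn, [olcAccess values]) per entry, unfolding LDIF continuation lines."""
    text = ldif.replace('\n ', '')         # newline + one space continues the previous line
    for block in re.split(r'\n\s*\n', text.strip()):
        attrs = [l.split(': ', 1) for l in block.splitlines() if ': ' in l]
        dn = next(v for k, v in attrs if k == 'dn')
        yield dn, [v for k, v in attrs if k == 'olcAccess']

def anon_can_read(rule):
    """The first 'by' clause that matches an anonymous client decides its access."""
    for who, level in BY.findall(rule):
        if who in ('*', 'anonymous'):
            return level in ('read', 'write', 'manage')
    return False

def check_rootdse(ldif):
    """Locate rootDSE rules; does not model earlier rules shadowing them."""
    report = {'frontend_anon_read': False, 'misplaced': []}
    for dn, rules in entries(ldif):
        for rule in rules:
            if not ROOTDSE.match(rule):
                continue
            if dn.lower().startswith('olcdatabase={-1}frontend,'):
                report['frontend_anon_read'] |= anon_can_read(rule)
            else:                          # backend rules never see the rootDSE
                report['misplaced'].append((dn, rule))
    return report

if __name__ == '__main__':
    print(check_rootdse(BEFORE)); print(check_rootdse(AFTER))
```
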