
Why ldapsearch is not working with anonymous bind after upgrading OpenLDAP to v2.4?



Dear all,

I have a setup of **OpenLDAP v2.3** which I have been using for the last few years. The following are the lines in `slapd.conf` for access control.

    access to dn. c=IN"
            by * read
    
    access to dn.base="o=abc, c=IN"
            by * none

When I do an ldapsearch using anonymous bind, it gives me a result.

For example, the following command gives a result.

    ldapsearch -x -h localhost -b "o=abc,c=IN" 

Now I have upgraded the OS, CentOS, from 5.5 to 6.3, so the version of OpenLDAP is **OpenLDAP v2.4**. We have not changed the schema.

But now the same `ldapsearch` gives me `result: 32 No such object` error. 

But it works when I add the following line to the access control configuration.

    access to dn. c=IN"
            by * read
    
    access to dn.base="o=abc, c=IN"
            by anonymous read
            by * none


What can be the reason? Is there any security risk in doing so?

Thank you.

--
Regards,
Sachin Divekar