man slapd.access(5):
> Dear all,
>
> I have a setup of **OpenLDAP v2.3** which I am using for last few years.
> Following are the lines in `slapd.conf` for access control.
>
> access to dn. c=IN"
> by * read
>
> access to dn.base="o=abc, c=IN"
> by * none
>
> When I do ldapsearch using anonymous bind gives me result.
>
> For example following command gives result.
>
> ldapsearch -x -h localhost -b "o=abc,c=IN"
>
> Now I upgraded the OS, CentOS from 5.5 to 6.3 so the version of OpenLDAP
> is
> **OpenLDAP v2.4**. We have not changed the schema.
>
> But now the same `ldapsearch` gives me `result: 32 No such object` error.
>
> But it works when I added following line in access control configuration.
>
> access to dn. c=IN"
> by * read
>
> access to dn.base="o=abc, c=IN"
> by anonymous read
> by * none
>
>
> What can be the reason? Is there any security risk in doing so?
[...]
The search operation, requires search (=s) privileges on the entry
pseudo-attribute of the searchBase (NOTE: this was introduced with
OpenLDAP 2.4).
[...]
p.
--
>
> Thank you.
>
> --
> Regards,
> Sachin Divekar
>
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano