Thanks Peter.
We created a user as follows:
dn:
cn=zabbix,ou=Applications,ou=Groups,dc=prime,dc=ds,dc=geo,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: zabbix
sn: zabbix
userPassword:: e1NIQX1NaTh4WX2V3dabTBGZ2JWRnY0L2s9
root@geopc:/etc/ldap/slapd.d/cn=config# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch (Oct 17 2012 19:48:03) $
buildd@komainu:/build/buildd/openldap-2.4.28/debian/build/clients/tools
(LDAP library: OpenLDAP 20428)
In /usr/share/slapd/slapd.conf we added acl but it’s not
affecting so we added in olcAccess. It also default contents and
please see the current settings.
root@geopc:/etc/ldap/slapd.d/cn=config# ldapsearch -Q -LLL -Y
EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)'
olcAccess
dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self
write by anonymou
s auth by dn="cn=admin,dc=ds,dc=geo,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by
dn="cn=admin,dc=ds,dc=geo,dc=com"
write by * read
olcAccess: {3}to dn.sub="ou=People,dc=prime,dc=ds,dc=geo,dc=com"
attrs
=userPassword by self write by * auth
olcAccess: {4}to dn.sub="ou=People,dc=prime,dc=ds,dc=geo,dc=com"
filte
r="( allowedService=zabbix)" attrs=uid,objectClass by
dn.exact="cn=zabbix,ou=App
lications,ou=Groups,dc=prime,dc=ds,dc=geo,dc=com" read by self
read
dn: olcDatabase={2}hdb,cn=config
root@geopc:/etc/ldap/slapd.d/cn=config#
With this setting zabbix application can be logged by all users
in ou=People,dc=prime,dc=ds,dc=geo,dc=com.
Can you please have a check and please help me on it. Thanks in
advance.
Geo