[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Object not found

To: espeake@oreillyauto.com, openldap-technical@openldap.org
Subject: Re: Object not found
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Wed, 28 Aug 2013 09:34:00 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.8.4 edge02-zcs.vmware.com 5F79EB1D
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1377707640; bh=sXhf5MD+P4u7owkgQO7vQxL81wkQ3m3+oX9Cpr2iCoE=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=LueQ/sbJldhQxqdr0iEwuGP9bSmPLdBwr6fIFPMbn1rIC8uWAX6pyWAMuazG+l2Es ii4q3I7pAFuXJQvDjgMZMA3qQB61nT8c00iURo+5xKSISaj3L+Pk9Fm7/77lwqq6Ua V8RPgATmPEzRI1KJNus6j/xKwRuavpXgjY2eMY3Y=
In-reply-to: <OFAF489866.4ED71638-ON86257BD5.0047E68B-86257BD5.00488E2A@LocalDomain>
References: <OFAF489866.4ED71638-ON86257BD5.0047E68B-86257BD5.00488E2A@LocalDomain>

--On Wednesday, August 28, 2013 8:12 AM -0500 espeake@oreillyauto.com wrote:


I have a user name readonly that we use in our applications to get uid's.
THis has worked in the past with our old LDAP solution.  We have moved to
2.4.31 on Ubuntu 12.04 with a n-way Multi master setup.

The slap cat for this database looks like this.

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=oreillyauto,dc=com
olcAccess: {0}to attrs=userPassword by anonymous auth by * none
olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
group/groupOfUniqueName
 s/uniqueMember="cn=System Administrators,ou=Groups,dc=oreillyauto,dc=com"
wri
 te by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admin,ou=Groups,dc=oreil
 lyauto,dc=com" write by * none break
olcAccess: {2}to attrs=userPassword by
group/groupOfUniqueNames/uniqueMember="
 cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous auth
by s
 elf write

Hi,

You need to spend some time reading the manual pages and admin guide onaccess rules for slapd.

It is immediately obvious that rule {2) will never evaluate because of rule{0}. Those shouldn't even be separate rule lines, they should be a singlerule. I haven't looked further because that was so blatant, I'm guessingyou have any number of other issues in your access lines.


--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: Object not found
  - From: espeake@oreillyauto.com

References:
- Object not found
  - From: espeake@oreillyauto.com

Prev by Date: Re: OpenLDAP Samba4
Next by Date: Problems recovering my ldap db
Index(es):
- Chronological
- Thread