On 01-04-14 16:16, Hallvard Breien Furuseth wrote:
> On Tue, 2014-04-01 at 09:58 +0200, Jonas Kellens wrote:
>> On 31-03-14 12:52, Hallvard Breien Furuseth wrote:
>>> (...) Append something like this to access list:
>>>
>>>     access to * by * search
>>
>> Even if I add at the beginning of slapd.conf the following:
>>
>>     access to * by *
>>
>> I still get no results with the user 'cn=U101001,ou=101001,dc=mydomain'.
>
> Quite. Access controls at the beginning of slapd.conf become the global
> access list, which are overridden by the database's access list. The
> latter ends with a default 'access to * by * none'.
>
> Also you didn't say what kind of access - read, write, search or
> whatever. The default is '+0', i.e. no change. This is all as described
> in man slapd.access.
>
> *Append*
>
>     access to * by * search
>
> (or something like it) to the database's access list. That means, after
> the other access statements. Then it'll apply to the entries not
> described by those statements. My guess is your previous attempt put it
> in front, thus hiding most access controls.

Hello,

I have now put "access to * by *" at the end of the ACL statements. My slapd.conf looks like this:

    access to dn.regex="ou=tbook[12345],ou=contacten,ou=101001,dc=mydomain" attrs=children
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by * none break
    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read
    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook2,ou=gebruikers,ou=101001,dc=mydomain" read
    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook3,ou=gebruikers,ou=101001,dc=mydomain" read
    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook4,ou=gebruikers,ou=101001,dc=mydomain" read
    access to dn.
        by group.exact="cn=admins,ou=101001,dc=mydomain" write
        by group.exact="cn=tbook5,ou=gebruikers,ou=101001,dc=mydomain" read
    access to *
        by * search
    access to attrs=userPassword
        by * auth

But still no results:

    [root@slap01 ]# ldapsearch -x -D 'cn=U101001,ou=101001,dc=mydomain' -b "ou=tbook1,ou=contacten,ou=101001,dc=mydomain" -W
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <ou=tbook1,ou=contacten,ou=101001,dc=mydomain> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # search result
    search: 2
    result: 0 Success

    # numResponses: 1

Kind regards,
Jonas.
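To make the ordering rules Hallvard describes concrete, here is a small Python model of slapd.access(5) directive evaluation. It is added here as an example and is neither code from this thread nor part of OpenLDAP. It assumes the five tbook directives use dn.subtree (the what-clause of those lines did not survive in the archived message) and that cn=U101001 is a member of none of the groups; group membership is passed in directly instead of being looked up. Run over the directive order Jonas posted, it yields "none" for that user on entries under ou=tbook1: the tbook1 directive matches the entry, no "by" clause matches the user, and the implicit "by * none" ends evaluation before the appended "access to * by * search" is ever reached. The same rule also shows why an "access to * by * search" placed first hides the admin write access, and why the attrs=userPassword directive placed after "access to *" is never consulted.

```python
"""Model of slapd.access(5) evaluation order (added example, not OpenLDAP code).

Rules modelled: directives are tried in order and the first one whose <what>
matches the entry and attribute is used; inside it the first matching <by>
clause sets the level, then "stop" (default) ends evaluation, "break" moves
on to the next directive carrying the level, "continue" keeps evaluating the
same directive's <by> clauses; a matching directive with no matching <by>
denies (implicit "by * none"); the list ends with an implicit
"access to * by * none".  dn.subtree for the tbook lines is an ASSUMPTION.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


@dataclass
class By:
    who: str                  # "*" or "group:<group dn>" (group.exact in slapd.conf)
    level: str                # one of LEVELS
    control: str = "stop"     # "stop" | "break" | "continue"


@dataclass
class Directive:
    dn_style: str             # "*", "subtree" (assumed for the tbook lines) or "regex"
    dn: str | None
    attrs: set[str] | None    # None means every attribute of the entry
    bys: list[By]


@dataclass
class Request:
    groups: frozenset[str]    # group DNs the bound identity belongs to (constructed input)
    entry_dn: str
    attr: str


def _in_subtree(dn: str, base: str) -> bool:
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def _what_matches(d: Directive, r: Request) -> bool:
    if d.dn_style == "subtree" and not _in_subtree(r.entry_dn, d.dn):
        return False
    if d.dn_style == "regex" and not re.search(d.dn, r.entry_dn, re.IGNORECASE):
        return False
    return d.attrs is None or r.attr.lower() in {a.lower() for a in d.attrs}


def _who_matches(who: str, r: Request) -> bool:
    if who == "*":
        return True
    kind, _, dn = who.partition(":")
    return kind == "group" and dn.lower() in {g.lower() for g in r.groups}


def effective_level(acl: list[Directive], r: Request) -> str:
    """Return the access level the ACL grants for one (identity, entry, attribute)."""
    granted = "none"                       # implicit trailing "access to * by * none"
    for d in acl:
        if not _what_matches(d, r):
            continue
        matched = next_directive = False
        for by in d.bys:
            if not _who_matches(by.who, r):
                continue
            matched, granted = True, by.level
            if by.control == "stop":
                return granted
            if by.control == "break":      # carry the level to the next directive
                next_directive = True
                break
            # "continue": later <by> clauses of this directive may still change it
        if not next_directive:
            return granted if matched else "none"   # no <by> matched: implicit "by * none"
    return granted


def allowed(acl: list[Directive], r: Request, needed: str) -> bool:
    return LEVELS.index(effective_level(acl, r)) >= LEVELS.index(needed)


# Directive set from the thread, built from constructed DNs.
ADMINS = "cn=admins,ou=101001,dc=mydomain"
TBOOK_GROUP = "cn=tbook{},ou=gebruikers,ou=101001,dc=mydomain".format
TBOOK_OU = "ou=tbook{},ou=contacten,ou=101001,dc=mydomain".format


def posted_acl(search_first: bool = False) -> list[Directive]:
    """Jonas's order; search_first=True models the earlier attempt that put the
    'access to * by * search' line in front of the others."""
    admins_write = By(f"group:{ADMINS}", "write")
    catch_all = Directive("*", None, None, [By("*", "search")])
    acl = [Directive("regex", r"ou=tbook[12345],ou=contacten,ou=101001,dc=mydomain",
                     {"children"}, [admins_write, By("*", "none", "break")])]
    for n in range(1, 6):   # dn.subtree assumed here
        acl.append(Directive("subtree", TBOOK_OU(n), None,
                             [admins_write, By(f"group:{TBOOK_GROUP(n)}", "read")]))
    acl.append(catch_all)
    acl.append(Directive("*", None, {"userPassword"}, [By("*", "auth")]))
    return [catch_all] + acl if search_first else acl
```

A quick way to use it: build `posted_acl()` and call `effective_level` with a `Request` for the bound user's groups, the entry DN and an attribute name; comparing the result for an entry under ou=tbook1 against one outside all five subtrees shows which directive each entry falls through to.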