Re: Getting ldappasswd and PAM in the same page under CentOS 7
On Wed, 20 Sep 2017 12:32:37 -0400 (EDT),
Robert Heller <heller@deepsoft.com> wrote:
> OK, I fixed the ACLs (I think), but it is still not working. I
> turned on verbose debugging for sssd[pam] and moderate debugging for
> slapd.
>
> Here are my ACLs
> in /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}hdb.ldif:
>
> olcAccess: {0}to attrs=userPassword
> by self write
> by anonymous auth
> by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> by * none
> olcAccess: {1}to *
> by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> by * read
>
> There are also these olcAccess entries:
>
> in /etc/openldap/slapd.d/cn\=config/olcDatabase\={0}config.ldif:
>
> olcAccess: {0}to * by
> dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> manage by * none
>
> and in /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif:
>
> olcAccess: {0}to * by
> dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]
You may run slapd in debugging mode 128.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E