[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: search request not blocked by ACLs





Le mer. 4 sept. 2019 à 16:00, Quanah Gibson-Mount <quanah@symas.com> a écrit :
--On Wednesday, September 4, 2019 1:56 PM +0200 Manuela Mandache
<manuela3mandache@gmail.com> wrote:

> olcAccess: {0}to * by dn.base="cn=admin,cn=config" manage by
> dn.base="cn=adm
>  in,dc=example,dc=com" manage by * break
> olcAccess: {1}to dn.base="" by * read
> olcAccess: {2}to dn.base=cn=Subschema by * read
> olcAccess: {3}to dn.subtree="dc=example,dc=com" attrs=userPassword by *
> auth
> olcAccess: {4}to dn.subtree="dc=example,dc=com" attrs=entry by * read
> olcAccess: {5}to dn.subtree="dc=example,dc=com" attrs=cn,mail by * read
> olcAccess: {6}to * by anonymous none by * read

On what cn=config entry have you set these ACLs?

They're on
olcDatabase={2}mdb,cn=config
This is the DB containing the actual data of the directory, with
olcSuffix: dc=example,dc=com

Regards,

Manuela
 

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>