> On Apr 27, 2015, at 8:39 AM, Emmanuel Lecharny (JIRA) <[email protected]> wrote:
>
>
> Any ACL set ?
>
> Also what would be useful is to have the OpenLDAP logs (filter, stats, ACL)

Yes, ACLs could be the problem. I’m still learning how Docker works and must
admit that I don’t know how to navigate inside the container to find the
settings.

Below are the ACLs that typically would be set on OpenLDAP for Fortress.
Nothing much going on there. Once I figure out how to look inside the fishbowl
I’ll report back here.

### ACLs
access to dn="" by * read
access to *
    by self write
    by users read
    by anonymous auth
    by sockurl="^ldapi:///$" write

### This one allows user to modify their own password (needed for pw policies):
### This also allows user to modify their own ftmod attributes (needed for audit):
access to attrs=userpassword
    by self write
    by * auth

### Must allow access to dn.base to read supported features on this directory:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by self write
    by anonymous auth

### Disable null base search of rootDSE
### This disables auto-discovery capabilities of clients.
# Changed -> access to dn.base="" by * read <- to the following:
access to dn.base=""
    by * none

password-hash {SSHA}

Shawn
[email protected]