iulian roman via FreeIPA-users wrote:
> Hello,
>
> I tried to grant read/search access to a specific subtree in IPA for
> anonymous bind. The ipa permission-add command completed successfully, but
> when I try ldapsearch it does not display any objects.
>
> ipa permission-show 'read oracle context'
> Permission name: read oracle context
> Granted rights: read, search, compare
> Bind rule type: anonymous
> Subtree: cn=OracleContext,dc=ipadev,dc=example,dc=com
> Target DN: cn=*,cn=OracleContext,dc=ipadev,dc=example,dc=com
> Permission flags: SYSTEM, V2
>
> ldapsearch -h ipadevserver -p 389 -x -b
> "cn=OracleContext,dc=ipadev,dc=example,dc=com"
> # extended LDIF
> #
> # LDAPv3
> # base <cn=OracleContext,dc=ipadev,dc=example,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> Any idea what is wrong or what do I need to change?

It's not possible to say without seeing what the entries in
cn=OracleContext,dc=ipadev,dc=example,dc=com look like. Do they all have cn defined?

You might also consider using --filter instead of --target.

rob
