Hi,

The client application did a search request with a filter testing the 'objectclass' attribute. The connection was unbound, so the server was looking for an aci granting anonymous access (userdn = "ldap:///anyone";) to 'objectclass' on entry cn=oradev1. As no such aci exists, the entry was skipped.

Is it expected to allow anonymous requests? If yes, then you may add 'objectclass' in the target definition of the anonymous aci.

best regards
thierry



On 7/7/21 9:36 AM, iulian roman via FreeIPA-users wrote:
After enabling debug, in the logs I see access denied:

[07/Jul/2021:09:27:58.612128660 +0200] - DEBUG - NSACLPlugin - print_access_control_summary - 
conn=11 op=1 (main): Deny search on 
entry(cn=oradev1,cn=oraclecontext,dc=ipadev,dc=example,dc=com).attr(objectClass) to anonymous: no 
aci matched the subject by aci(22): aciname= "Admin can manage any entry", 
acidn="dc=ipadev,dc=example,dc=com"

I do not know if I need to add some extra filters in the permission or what the 
permission rule should look like. I do not know either if it is case sensitive or 
not (although in the query and ldap I have cn=OracleContext, in the logs I see 
it is cn=oraclecontext), therefore I am a bit confused here.
Any help would be really appreciated.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
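
Added example, not part of the original thread and not 389-ds or FreeIPA code: a small parser for the access control summary line quoted above that lists which attributes were denied to anonymous on each entry, which is the information needed to review the target of an anonymous aci. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the NSACLPlugin summary line quoted in the thread (wrapped lines joined).
SUMMARY = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) \(\w+\): "
    r"(?P<decision>\w+) (?P<right>\w+) on "
    r"entry\((?P<entry>.*?)\)\.attr\((?P<attr>[^)]*)\) "
    r"to (?P<subject>.+?): (?P<reason>.*)$"
)

_LINE = ('[07/Jul/2021:09:27:58.612128660 +0200] - DEBUG - NSACLPlugin - '
         'print_access_control_summary - conn={conn} op=1 (main): Deny search on '
         'entry(cn=oradev1,cn=oraclecontext,dc=ipadev,dc=example,dc=com)'
         '.attr({attr}) to anonymous: no aci matched the subject by aci(22): '
         'aciname= "Admin can manage any entry", acidn="dc=ipadev,dc=example,dc=com"')

SAMPLE_LOG = [
    _LINE.format(conn=11, attr="objectClass"),  # the line from the thread
    _LINE.format(conn=12, attr="cn"),           # constructed
    _LINE.format(conn=13, attr="objectclass"),  # constructed, different case
    "[07/Jul/2021:09:27:59.000000000 +0200] - INFO - constructed unrelated line",
]


def parse_summary(line):
    """Return the fields of one access control summary line, or None."""
    m = SUMMARY.search(line)
    return m.groupdict() if m else None


def anonymous_denials(lines):
    """Map entry DN -> sorted attributes that were denied to anonymous."""
    denied = defaultdict(set)
    for line in lines:
        rec = parse_summary(line)
        if rec and rec["decision"] == "Deny" and rec["subject"] == "anonymous":
            # LDAP attribute names are case-insensitive, so fold before grouping.
            denied[rec["entry"].lower()].add(rec["attr"].lower())
    return {dn: sorted(attrs) for dn, attrs in denied.items()}


if __name__ == "__main__":
    for dn, attrs in anonymous_denials(SAMPLE_LOG).items():
        print(dn, "->", ", ".join(attrs))
```
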