On Tuesday, 18 April 2006 02:43, Kurt D. Zeilenga wrote:
> At 12:27 AM 4/17/2006, Dr. Harry Knitter wrote:
> >On Thursday, 13 April 2006 17:13, Lise Didillon wrote:
> >> At 08:39 13/04/06 +0200, Dr. Harry Knitter wrote:
> >> >Hello,
> >> >
> >> >I am new with Openldap and with this list, too.
> >> >
> >> >My problem is as follows:
> >> >
> >> >I have set up an openldap server with simple bind.
> >> >
> >> >Everything works fine when using rootdn to access my data.
> >> >There are several addressbooks in different dns.
> >> >
> >> >My access controls are:
> >> >access to *
> >> >    by * read
> >> >
> >> >access to dn.subtree="dc=mydoamin,dc=tld"
> >> >    by dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" write
> >> >    by * none
> >>
> >> write instead:
> >>
> >> access to dn.subtree="dc=mydoamin,dc=tld"
> >>     by dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" write
> >>     by * none
> >>
> >> access to *
> >>     by * read
> >>
> >> because slapd finds and stops at the first rule that matches the entry,
> >>
> >
> >
> >When I do this I get no access at all.
>
> Ignoring the differences in second level RDNs of your DNs
> is merely a typo in your messages (but not in your configuration),
> it appears you didn't grant "auth" permission necessary for
> anonymous users to access userPassword values (in the subtree)
> for the purposes of simple bind authentication. That is,
> "by anonymous auth" might be more appropriate than the
> (redundant) "by * none". See slapd.access(5) and the Admin
> Guide for details.
>
> - Kurt
>

I have tried it and it works.

Thanks for help

Harry
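
The three rule sets discussed in this thread, run through a simplified model of slapd's first-match evaluation. This is an added example, not part of the original messages and not OpenLDAP code; it models only `dn.subtree`/`*` targets and `dn=`/`anonymous`/`*` subjects, uses a reduced list of access levels, and spells the suffix `dc=mydomain,dc=tld` throughout.

```python
# Simplified model of slapd ACL evaluation (illustrative, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # weakest first
HARRY = "uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld"
SUBTREE = "dc=mydomain,dc=tld"  # suffix spelled consistently (assumption)

def what_matches(what, entry_dn):
    # "*" matches every entry; anything else is treated as dn.subtree
    return what == "*" or entry_dn == what or entry_dn.endswith("," + what)

def who_matches(who, bound_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None  # no bind completed yet
    return bound_dn == who

def granted(acl, entry_dn, bound_dn):
    """Level granted: first matching <what>, then first matching <who>."""
    for what, by_clauses in acl:
        if what_matches(what, entry_dn):
            for who, level in by_clauses:
                if who_matches(who, bound_dn):
                    return level
            return "none"  # implicit "by * none" closes every clause
    return "none"          # implicit "access to * by * none"

def allows(acl, entry_dn, bound_dn, needed):
    return LEVELS.index(granted(acl, entry_dn, bound_dn)) >= LEVELS.index(needed)

def simple_bind_possible(acl, user_dn):
    # The password check runs before the client has an identity, so the
    # anonymous subject needs at least "auth" on the user's entry.
    return allows(acl, user_dn, None, "auth")

# Harry's first attempt: the catch-all rule comes first and shadows the rest.
ORIGINAL = [("*", [("*", "read")]),
            (SUBTREE, [(HARRY, "write"), ("*", "none")])]
# Lise's reordering: specific rule first, but anonymous gets "none".
REORDERED = [(SUBTREE, [(HARRY, "write"), ("*", "none")]),
             ("*", [("*", "read")])]
# Kurt's suggestion: "by anonymous auth" in place of "by * none".
WITH_AUTH = [(SUBTREE, [(HARRY, "write"), ("anonymous", "auth")]),
             ("*", [("*", "read")])]

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("reordered", REORDERED),
                      ("with auth", WITH_AUTH)]:
        print(name, "| bind possible:", simple_bind_possible(acl, HARRY),
              "| harry:", granted(acl, HARRY, HARRY),
              "| anonymous:", granted(acl, HARRY, None))
```

In the model, the original ordering never reaches the subtree rule and gives every client, anonymous included, `read` on entries in the subtree; the final rule set limits anonymous clients to `auth`, which is enough for the bind and nothing else.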
