Hello.

I installed OpenLDAP 2.3.24-1.
I would like to set up ACLs so that anonymous users could access some attributes (mail, telephoneNumber, roomNumber...) as long as their IP is 10.0.0.253 (comes from our private network).

Here is the list of all access controls, with an arrow in front of the one dedicated to the access mentioned above:

access to attrs=userPassword
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by anonymous auth
        by self read
        by * none

access to attrs=mailAlternateAddress,accountStatus,mailMessageStore
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=mail,ou=DSA,dc=femto-st,dc=org" read
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by * none

access to attrs=mail,telephoneNumber,roomNumber,displayName,cn,sn,givenName
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=mail,ou=DSA,dc=femto-st,dc=org" read
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
    ==> by anonymous peername.ip=10.0.0.253 read
        by * none

access to attrs=uid
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=siteweb,ou=DSA,dc=femto-st,dc=org" read
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by * none

access to *
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by * none


I tried the command below

$> ldapsearch -x -ZZ -H "ldap://raven" -b "dc=femto-st,dc=org" uid=toto mail

but it gives no result. And the logs don't give me any further information.


Has anybody an idea of what happens and why it does not work?

Thank you for your answer.

Regards,

--
Emmanuel Aubert
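
As an added example (not the poster's configuration and not from the OpenLDAP project), the same ACL set with the extra grants that slapd's access rules require before an anonymous search from 10.0.0.253 for uid=toto can return mail: the filter attribute needs at least search access and the entry pseudo-attribute needs read access, neither of which the posted rules give to anonymous. The userPassword and mailAlternateAddress rules from the post are unchanged and omitted here, and the server name is a placeholder.

```conf
# Added example, not the poster's configuration: ACL rules that let an
# anonymous client from 10.0.0.253 run
#   ldapsearch -x -H ldap://SERVER_PLACEHOLDER -b dc=femto-st,dc=org uid=toto mail
# Rules are consulted in order; the first "access to" whose <what> matches
# the attribute being checked is the only one whose "by" clauses apply.

# 1. slapd evaluates the filter (uid=toto) only for requesters with at least
#    "search" access to uid. The posted uid rule ends in "by * none", so the
#    anonymous client matches no candidate and the result set is empty.
access to attrs=uid
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=siteweb,ou=DSA,dc=femto-st,dc=org" read
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by anonymous peername.ip=10.0.0.253 search
        by * none

# 2. The attributes to be returned, as in the post.
access to attrs=mail,telephoneNumber,roomNumber,displayName,cn,sn,givenName
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=mail,ou=DSA,dc=femto-st,dc=org" read
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by anonymous peername.ip=10.0.0.253 read
        by * none

# 3. Returning an entry also needs "read" on the "entry" pseudo-attribute.
#    The catch-all "access to *" below denies that to anonymous; granting it
#    here, in a rule placed before "access to *", keeps every other attribute
#    closed to the anonymous client. Because this rule now owns the entry
#    pseudo-attribute, the other grantees must be repeated in it.
access to attrs=entry
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by anonymous peername.ip=10.0.0.253 read
        by * none

# 4. Unchanged catch-all; anonymous gets nothing else.
access to *
        by dn="cn=replicator,ou=DSA,dc=femto-st,dc=org" write
        by dn="cn=uniweb,ou=DSA,dc=femto-st,dc=org" write
        by self read
        by users read
        by * none
```

Running slapd with `-d acl` (or loglevel acl in slapd.conf) prints each access decision, which shows directly which rule denied the anonymous client.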
