On Fri, Jan 19, 2007 at 07:16:39PM -0500, Aaron Richton wrote: > >I get problems with access control, however, that prevent it from working. > > Yes...given > >access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write > >access to * by * none
Think what you need here is
access to *
by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
by * break
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by * none
the difference is the first wil give uid=slurp root like access to every think.
the by * break, say even thought you have match * if youhave gotten to this
line break out of this statement and continue processing.
The second one governs userPassword - give anon user the right to authenticate
and the bottom (last) default one says everything else by everyone else is none
>
> >The problem is I cannot access the slave database with
> >dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".
> because you have no access for anonymous to auth to uid=slurp.
>
> >slave# ldapsearch -w xxxxxxx -D 'uid=slurp,ou=users,dc=xxxxxxxx,dc=xx' -b
> >'dc=xxxxxxxxx,dc=xx' -d 255
>
> Debugging on the client isn't going to be too informative here. Try "slapd
> -d acl" perhaps.
>
signature.asc
Description: Digital signature
