Dieter Kluenter wrote:
> Jittinan Suwanrueangsri <[email protected]> writes:
>
>   
>> Dieter Kluenter wrote:
>>
>> Jittinan Suwanrueangsri <[email protected]> writes:
>>     
>
>   
>>         access to attrs=userPassword
>>                 by self write
>>                 by anonymous auth
>>                 by * none
>>         access to dn.subtree="ou=System,dc=example,dc=com"
>>                 by group/groupOfUniqueNames/uniqueMember="cn=Ldap Admins,ou=Groups,dc=example,dc=com" write
>>                 by users read
>>
>>         access to *
>>                 by self write
>>                 by users read
>>                 by * none
>>     
>
> These access rules will not allow anonymous auth access to basedn special
> attribute entry,
>
>   
>> => hdb_dn2id("uid=matt,ou=users,dc=example,dc=com")
>> <= hdb_dn2id: got id=0x5
>> entry_decode: ""
>> <= entry_decode()
>> send_ldap_result: conn=0 op=1 p=3
>> SASL [conn=0] Failure: no secret in database
>> send_ldap_result: conn=0 op=1 p=3
>> send_ldap_response: msgid=2 tag=97 err=49
>> ber_flush2: 62 bytes to sd 16
>> <== slap_sasl_bind: rc=49
>>     
> [...]
>
> sasl reports 'no secret in database', check your access rules!
> [...]
>
> Please run slapd in debugging mode acl, this will show you the applied
> access rules. You should see something like this:
>
>   
>> acl_mask: access to entry "o=avci,c=de", attr "entry" requested
>>     
> => acl_mask: to all values by "", (=0) 
> <= check a_dn_pat: users
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth(=xd) (stop)
> <= acl_mask: [3] mask: auth(=xd)
> => slap_access_allowed: auth access granted by auth(=xd)
> [...]
>   
>> acl_mask: access to entry "cn=admanager,o=avci,c=de", attr "objectClass" requested
>>     
> => acl_mask: to all values by "", (=0) 
> <= check a_dn_pat: users
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth(=xd) (stop)
> <= acl_mask: [3] mask: auth(=xd)
> [...]
> => access_allowed: auth access to "cn=admanager,o=avci,c=de" "userPassword" requested
> => acl_get: [1] attr userPassword
> [...]
>
>
>
>   
Problems come from acl. Thank you.
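
A small parser for the `acl` debug output quoted above, as an added example that is not part of the original message: it pairs each `acl_mask` request with the mask slapd finally applied and lists the entry/attribute pairs where the requester did not get the auth (`x`) privilege. The sample log is constructed in the format shown in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the slapd "acl" debug output quoted in
# the thread, including mail quote markers and one wrapped line. The second
# request is a constructed denial (mask none(=0)).
SAMPLE = '''\
>> acl_mask: access to entry "cn=admanager,o=avci,c=de", attr "objectClass"
>> requested
> => acl_mask: to all values by "", (=0)
> <= check a_dn_pat: users
> <= check a_dn_pat: anonymous
> <= acl_mask: [3] applying auth(=xd) (stop)
> <= acl_mask: [3] mask: auth(=xd)
=> acl_mask: access to entry "uid=matt,ou=users,dc=example,dc=com", attr "entry" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: users
<= check a_dn_pat: *
<= acl_mask: [3] applying none(=0) (stop)
<= acl_mask: [3] mask: none(=0)
'''

# Either the start of an evaluation or the final mask line that closes it.
TOKEN = re.compile(
    r'access to entry "(?P<dn>[^"]*)", attr "(?P<attr>[^"]*)"\s+requested'
    r'|\[(?P<index>\d+)\] mask: (?P<level>\w+)\((?P<privs>[^)]*)\)'
)

def parse_acl_log(text):
    """Pair each acl_mask request with the mask that was finally applied."""
    # Drop mail quote markers and rejoin lines wrapped by the mail client.
    flat = " ".join(re.sub(r"^[>\s]+", "", line).rstrip()
                    for line in text.splitlines())
    results, current = [], None
    for m in TOKEN.finditer(flat):
        if m.group("dn") is not None:
            current = (m.group("dn"), m.group("attr"))
        elif current is not None:
            results.append({"dn": current[0], "attr": current[1],
                            "index": int(m.group("index")),  # number in brackets
                            "level": m.group("level"),
                            "privs": m.group("privs")})
            current = None
    return results

def missing_auth(results):
    """Entry/attribute pairs whose applied mask lacks the auth ('x') privilege."""
    return [(r["dn"], r["attr"]) for r in results if "x" not in r["privs"]]
```

Calling `missing_auth(parse_acl_log(SAMPLE))` returns the one constructed denial, the `entry` pseudo-attribute of `uid=matt,ou=users,dc=example,dc=com`.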
