I'm having a problem with access control lists in slapd.conf. The filter doesn't seem to be working in OpenLDAP 2.4.23 using syntax that worked in 2.3.43. I've simplified my tests down to a single ACL rule just to see if it's working, and this is what I'm finding:

I'm trying this ACL:

access to dn.subtree="ou=users,dc=companyname,dc=com" filter="(objectClass=person)"
        by * read

I tried an anonymous search using this command:

ldapsearch -h 1.2.3.4 -x -b ou=users,dc=companyname,dc=com

And it returned the following:

# search result
search: 2
result: 32 No such object

I tried the same with the same ACL as above with the filter set to "(uid=*)", and got the same problem (note that all users have a uid value set). However, I tried with the filter set to "(objectClass=*)", and it returned all users as I would expect.

Has anything changed with ACL syntax between OpenLDAP 2.3 and 2.4? Or do you see any problems with the syntax of my ACL line above?

Thanks.

Darren
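An added simulation (not part of Darren's post or of OpenLDAP itself) of what each of the three ACL filters does to the search base entry: the two constructed entries and the `simulate_search` helper are assumptions, while the two rules modelled, that an entry not covered by any `access to` directive falls through to slapd's implicit `access to * by * none`, and that slapd answers noSuchObject (32) when the bound identity cannot read the base entry, are slapd behaviour.

```python
import re

# Constructed sample directory standing in for the one in the post. The search
# base is an organizationalUnit: it is not a person and it has no uid.
BASE_DN = "ou=users,dc=companyname,dc=com"
ENTRIES = {
    BASE_DN: {"objectclass": {"top", "organizationalunit"}, "ou": {"users"}},
    "uid=darren,ou=users,dc=companyname,dc=com": {
        "objectclass": {"top", "person", "inetorgperson"},
        "uid": {"darren"}, "cn": {"Darren"},
    },
}

_FILTER_RE = re.compile(r"^\(([A-Za-z][\w;-]*)=(.*)\)$")

def filter_matches(ldap_filter, entry):
    """Evaluate a single RFC 4515 equality or presence filter against an entry.

    Only the forms used in the post are supported: (attr=value) and (attr=*).
    Names and values compare case-insensitively, like directory string matching.
    """
    m = _FILTER_RE.match(ldap_filter.strip())
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, value = m.group(1).lower(), m.group(2)
    values = entry.get(attr, set())
    if value == "*":                       # presence filter, e.g. (uid=*)
        return bool(values)
    return value.lower() in {v.lower() for v in values}

def acl_grants_read(acl_filter, entry):
    """Model the single rule 'access to dn.subtree=... filter=... by * read'.

    The rule only covers entries matching its filter; anything else falls
    through to slapd's implicit final 'access to * by * none'.
    """
    return filter_matches(acl_filter, entry)

def simulate_search(acl_filter, base_dn=BASE_DN):
    """Return (result code, readable DNs) for an anonymous subtree search.

    slapd has to read the base entry before walking the subtree; when the ACL
    denies that, the search ends with noSuchObject (32) and no entries.
    """
    if not acl_grants_read(acl_filter, ENTRIES[base_dn]):
        return 32, []
    readable = [dn for dn, e in ENTRIES.items()
                if dn.endswith(base_dn) and acl_grants_read(acl_filter, e)]
    return 0, readable
```

Run against the constructed entries, `(objectClass=person)` and `(uid=*)` both leave the ou=users entry uncovered and yield 32, while `(objectClass=*)` covers every entry and the search succeeds.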
