On Thu, 30 Dec 2010 15:14:34 +0000, rui <[email protected]> wrote:
> Hi,
>
> This is the output after doing "-d 128"
> http://pastebin.com/6Jb9j7F7
>
> my latest slapd.conf is this:
> ###########################################################################
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # bdb database definitions
> #######################################################################
> database bdb
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw test123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> ## logging.
> #loglevel acl
>
> access to attrs=userPassword
> by self write
> by dn="uid=root,ou=People,o=M1,c=GB" write
> by * auth
>
> access to *
> by self write
> by users read
> by anonymous auth

The warnings in the debugging output (no by clauses specified) should have raised your attention. The way access rules are written is bogus. Access rules have to be put on a single line, but this line may have continuations. The manual page slapd.access(5) and the admin guide http://www.openldap.org/doc/admin24/access-control.html give a good idea on how access rules should be written.

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
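
One way to catch this before restarting slapd, as an added example that is not part of the original message or of OpenLDAP: a small Python check that joins continuation lines (lines beginning with whitespace) the way slapd.conf(5) describes and flags `by` clauses that start in column 0. The function names and finding messages are hypothetical, and the sample input is constructed from the access rules in the quoted config.

```python
"""Lint slapd.conf access rules for broken line continuations (added example)."""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the previous line,
    as slapd.conf(5) describes. Returns [(first_line_no, joined_text)]."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and raw.strip() and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        elif raw.strip():
            out.append((no, raw.strip()))
    # Comments are dropped after joining, so a continuation of a comment
    # line stays part of that comment.
    return [(no, line) for no, line in out if not line.startswith("#")]

def lint_access(text):
    """Return [(line_no, message)] for access rules that lost their by clauses."""
    findings = []
    for no, line in logical_lines(text):
        words = line.split()
        if words[0] == "access" and "by" not in words[1:]:
            findings.append((no, "access rule has no by clauses"))
        elif words[0] == "by":
            findings.append((no, "by clause starts in column 0, not a continuation"))
    return findings

# Constructed sample: the first access rule from the quoted slapd.conf, as posted.
BROKEN = """\
access to attrs=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * auth
"""

# The same rule with each by clause indented so it continues the access line.
FIXED = """\
access to attrs=userPassword
    by self write
    by dn="uid=root,ou=People,o=M1,c=GB" write
    by * auth
"""

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_access(conf) or "ok")
```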
