Why not adjust your logLevel to include ACL processing? It's usually very informative.

On Jul 4, 2011, at 1:23 PM, Friedrich Locke wrote:
> This is for learning purposes, the password will not be that one on a
> production system.
> ypldap access is just before any other more restrictive.
>
> My question still remains: how may I have a listing of entries directly
> below (one level only) a given base?
> Searching with a filter is of interest too. But I am being prevented.
> Does anybody here know how it could be done given my access rules in
> the prior email?
>
> Thanks once more.
>
>
> On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs <[email protected]> wrote:
>> The ypldap access should be before the one that limits more - the more
>> restrictive one will match first.
>>
>> If that account is intended as your main 'root'-ish account, it should
>> probably be granted access to all right off the bat.
>>
>> Also: change your ldap password now. (I've done this; sent a password to the
>> mailing list - dumb).
>>
>> - chris
>>
>> Chris Jacobs, Systems Administrator, Technology Services Group
>> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
>> 2001 6th Ave | Ste 3200 | Seattle, WA 98121
>> phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
>> email: [email protected]
>>
>> ----- Original Message -----
>> From: [email protected]
>> <[email protected]>
>> To: [email protected] <[email protected]>
>> Sent: Mon Jul 04 11:19:45 2011
>> Subject: cannot access entries
>>
>> Hi list members,
>>
>> I am trying to configure access to my ldap server, but I am doing
>> something wrong that I am not aware of.
>> The access list is below:
>>
>> access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword
>>         by self read
>>         by anonymous auth
>>         by * none
>>
>> access to dn.one="ou=appsrv,dc=ufv,dc=br"
>>         by self read
>>         by * none
>>
>> access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword
>>         by self read
>>         by anonymous auth
>>         by * none
>>
>> access to dn.one="ou=people,dc=ufv,dc=br"
>>         by self read
>>         by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>         by * none
>>
>> access to dn.one="ou=group,dc=ufv,dc=br"
>>         by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>         by * none
>>
>>
>> =======================================
>>
>> The command I am executing and its output is below
>>
>> sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D
>> cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=people,dc=ufv,dc=br> with scope oneLevel
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 32 No such object
>>
>> # numResponses: 1
>> sioux@gustav$
>>
>> Why am I not getting a list of entries below ou=people,dc=ufv,dc=br?
>>
>> Thanks in advance.
>>
>>
>>
>> This message is private and confidential. If you have received it in error,
>> please notify the sender and remove it from your system.
>>
>>
>>
>
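
Added example, not part of any message in this thread and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the rules quoted above. It shows that dn.one covers only the children of ou=people, so the search base entry itself falls through to the implicit deny. The FIXED rule, the uid=alice entry and all function names are assumptions made for illustration; DNs are assumed to contain no escaped commas.

```python
# Simplified model of slapd's first-match ACL evaluation (illustration only).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
YPLDAP = "cn=ypldap,ou=appsrv,dc=ufv,dc=br"
PEOPLE = "ou=people,dc=ufv,dc=br"
PW = [("self", "read"), ("anonymous", "auth"), ("*", "none")]

# (scope, target DN, attrs or None for all attrs, by-clauses), in the order posted.
ACLS = [
    ("one", "ou=appsrv,dc=ufv,dc=br", {"userpassword"}, PW),
    ("one", "ou=appsrv,dc=ufv,dc=br", None, [("self", "read"), ("*", "none")]),
    ("one", PEOPLE, {"userpassword"}, PW),
    ("one", PEOPLE, None, [("self", "read"), (YPLDAP, "read"), ("*", "none")]),
    ("one", "ou=group,dc=ufv,dc=br", None, [(YPLDAP, "read"), ("*", "none")]),
]
# Assumed extra rule: let ypldap search the base entry itself.
FIXED = [("base", PEOPLE, None, [(YPLDAP, "search"), ("*", "none")])] + ACLS

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def what_matches(scope, target, entry):
    entry, target = norm(entry), norm(target)
    if scope == "one":  # entries exactly one level below target, never target itself
        _, sep, parent = entry.partition(",")
        return sep == "," and parent == target
    return entry == target  # dn.base / dn.exact

def who_matches(who, bind_dn, entry):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and norm(bind_dn) == norm(entry)
    return norm(who) == norm(bind_dn)  # dn.exact / dn.base

def access(bind_dn, entry, attr="entry", acls=ACLS):
    for scope, target, attrs, by in acls:
        if what_matches(scope, target, entry) and (attrs is None or attr.lower() in attrs):
            for who, level in by:
                if who_matches(who, bind_dn, entry):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit final "access to * by * none"

def can(bind_dn, entry, needed, attr="entry", acls=ACLS):
    return LEVELS.index(access(bind_dn, entry, attr, acls)) >= LEVELS.index(needed)

if __name__ == "__main__":
    for dn in (PEOPLE, "uid=alice," + PEOPLE):  # uid=alice is a constructed entry
        print(dn, "posted:", access(YPLDAP, dn), "fixed:", access(YPLDAP, dn, acls=FIXED))
```

A search needs search access to the base entry's entry pseudo-attribute; when the bound identity lacks even disclose access there, slapd answers 32 (No such object) rather than revealing that the entry exists.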
