> Dear all,
>
> I have a setup of **OpenLDAP v2.3** which I have been using for the last few years.
> Following are the lines in `slapd.conf` for access control.
>
> access to dn.one="o=abc, c=IN"
>     by * read
>
> access to dn.base="o=abc, c=IN"
>     by * none
>
> When I do ldapsearch using anonymous bind, it gives me a result.
>
> For example, the following command gives a result.
>
> ldapsearch -x -h localhost -b "o=abc,c=IN"
>
> Now I upgraded the OS, CentOS from 5.5 to 6.3, so the version of OpenLDAP is
> **OpenLDAP v2.4**. We have not changed the schema.
>
> But now the same `ldapsearch` gives me a `result: 32 No such object` error.
>
> But it works when I added the following line in the access control configuration.
>
> access to dn.one="o=abc, c=IN"
>     by * read
>
> access to dn.base="o=abc, c=IN"
>     by anonymous read
>     by * none
>
>
> What can be the reason? Is there any security risk in doing so?

man slapd.access(5):

[...]
The search operation, requires search (=s) privileges on the entry pseudo-attribute of the searchBase (NOTE: this was introduced with OpenLDAP 2.4).
[...]

p.

>
> Thank you.
>
> --
> Regards,
> Sachin Divekar
>

--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano
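
An added example, not part of the original thread: a `slapd.conf` ACL set that grants only the search (=s) privilege on the `entry` pseudo-attribute of the searchBase, as the slapd.access(5) excerpt describes, instead of read access to the whole base entry. It assumes the suffix `o=abc,c=IN` from the message and that the base entry's own attributes should stay unreadable.

```conf
# Added example, not from the thread. Assumes the suffix o=abc,c=IN used above
# and that clients should read the one-level children but not the base
# entry's own attributes.

# Children directly below the base: unchanged from the original configuration.
access to dn.one="o=abc, c=IN"
    by * read

# OpenLDAP 2.4: a search is refused unless the client holds search (=s) on the
# "entry" pseudo-attribute of the searchBase. Grant exactly that and no more.
# This clause must come before the general dn.base clause, because slapd stops
# at the first "access to" clause that matches the entry and attribute.
access to dn.base="o=abc, c=IN" attrs=entry
    by * search

# All other attributes of the base entry stay closed, as in the 2.3 setup.
access to dn.base="o=abc, c=IN"
    by * none

# Compared with "by anonymous read / by * none" on the whole base entry:
#   - anonymous clients get no read access to the base entry's attributes;
#   - authenticated clients are not cut off from searching under the base,
#     since "by * search" covers them as well as anonymous binds.
```

After restarting slapd, the `ldapsearch -x -h localhost -b "o=abc,c=IN"` command from the message should return the one-level children again.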
