On Fri, Apr 5, 2013 at 1:11 PM, Quanah Gibson-Mount <[email protected]> wrote:

> --On Friday, April 05, 2013 12:46 PM -0700 Dark Morford <[email protected]> wrote:
>
>> I'm setting up my first LDAP server; just using it as an auth provider
>> for Apache until I'm more comfortable with things. I was able to get it
>> up and running with a few user entries, but I can't get anonymous
>> searching to work the way I want.
>>
>> It's configured (cn=config) style, and the ACLs are:
>> {0}to attrs=uid by anonymous read by users read
>> {1}to attrs=userPassword by anonymous auth by self write
>> {2}to * by users read
>
> access to entry by * read needs to be in there too before {2}.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration

Adding the access entry exactly like you have it gave me an error; I managed to figure out that it needed to be 'to attrs=entry by * read'. And now it seems to be working, so thanks for that.

I'm not sure I understand why it's necessary, though. The client service (Apache) just needs to find out if a particular uid exists. Why does it need access to the whole entry?
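The complete cn=config ACL set the thread arrives at, as an added example rather than anything posted by either participant; the database DN `olcDatabase={1}mdb,cn=config` is an assumption (list your own with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess`). Replacing the whole `olcAccess` list avoids renumbering the existing `{n}` indices by hand.

```ldif
# Added example, not from the original thread. Database DN is assumed.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# anonymous may read uid, so a (uid=...) filter can be evaluated for it
olcAccess: {0}to attrs=uid by anonymous read by users read
# anonymous may only bind against userPassword; a user may change their own
olcAccess: {1}to attrs=userPassword by anonymous auth by self write
# "entry" is a pseudo-attribute standing for the entry itself; without access
# to it slapd returns nothing, even when uid is readable. It must come before
# the catch-all: slapd uses the first "to" clause whose target matches and
# never looks at later ones, so "to *" would swallow "entry" and grant
# anonymous nothing.
olcAccess: {2}to attrs=entry by * read
# catch-all: everything else readable by authenticated users only
olcAccess: {3}to * by users read
```

Apply with `ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif`, then confirm an anonymous search returns a DN and nothing beyond uid: `ldapsearch -x -b "<your suffix>" "(uid=<some user>)" dn uid`.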
