At Wed, 20 Sep 2017 19:30:17 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= <[email protected]> wrote:
> > Am Wed, 20 Sep 2017 12:32:37 -0400 (EDT) > schrieb Robert Heller <[email protected]>: > > > OK, I fixed the ACLs (I think), but it is still not working. I > > turned on verbose debugging for sssd[pam] and moderate debugging for > > slapd. > >=20 > > Here are my ACLs > > in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{2}hdb.ldif: > >=20 > > olcAccess: {0}to attrs=3DuserPassword > > by self write > > by anonymous auth > > by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write > > by * none > > olcAccess: {1}to * > > by dn=3Duid=3Dheller,ou=3DPeople,dc=3Ddeepsoft,dc=3Dcom write > > by * read > >=20 > > There are also these olcAccess entries: > >=20 > > in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{0}config.ldif: > >=20 > > olcAccess: {0}to * by > > dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D= > auth" > > manage by * none > >=20 > > and in /etc/openldap/slapd.d/cn\=3Dconfig/olcDatabase\=3D{1}monitor.ldif: > >=20 > > olcAccess: {0}to * by > > dn.base=3D"gidNumber=3D0+uidNumber=3D0,cn=3Dpeercred,cn=3Dextern al,cn=3D= > auth" > > read by dn.base=3D"cn=3DManager,dc=3Ddeepsoft,dc=3Dcom" read by * none > [...] > > You may run slapd in debugging mode 128. How do I do that using the "new" configuration method in /etc/openldap/slapd.d? I added: logLevel: 128 to the end of /etc/openldap/slapd.d/cn=config.ldif But it does not like it: Sep 20 13:59:47 c764guest.deepsoft.com slapd[32362]: UNKNOWN attributeDescription "LOGLEVEL" inserted. The documentaion talks about loglevel in slapd.conf, but I am not using slapd.conf... > > -Dieter > > --=20 > Dieter Kl=C3=BCnter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53=C2=B037'09,95"N > 10=C2=B008'02,42"E > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services [email protected] -- Webhosting Services
