On Fri, Sep 22, 2017 at 10:45 AM, Robert Heller <[email protected]> wrote:
> At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= < > [email protected]> wrote: > > > > > Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) > > schrieb Robert Heller <[email protected]>: > > [...] > > > > > Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask: > [1] > > > mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com > > > slapd[17535]: =3D> slap_access_allowed: search access granted by > > > write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: > > > =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 > > > 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11 > SEARCH > > > RESULT tag=3D101 err=3D0 nentries=3D0 text=3D > > [...] > > > > You should find out why operation 11 results in 0 entries. > > Operation 11 *seems* to be fetching the uid, using self, which has write > access, which implies read access, which seems to work just fine, using > ldapsearch from the command line: > > [heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com > -W -LLL '(uid=test2user)' uid > Enter LDAP Password: > dn: uid=test2user,ou=People,dc=deepsoft,dc=com > uid: test2user > I haven't checked your logs, so apologies if the answers to my points are in there. Is your search above the same search done by the tool? Consider: - base: where does the search start? dc=deepsoft,dc=com? ou=People? - type of search: base, one, sub - search filter: is (uid=test2user) the only filter? Usually there are objectClass filters together with that
