On Thu, Dec 15, 2022 at 03:02:00PM +0100, Stefan Kania wrote:
> --------------
> dn: cn=config
> changetype: modify
> replace: olcAuthzpolicy
> olcAuthzpolicy: any
> --------------
> Or do i have to set it inside the database for my object?
This is a global setting so that's the correct place.
> Then I changed the uid=lloadd to:
> -----------------------
> dn: uid=lloadd,ou=users,dc=example,dc=net
> objectClass: account
> objectClass: simpleSecurityObject
> objectClass: top
> uid: lloadd
> userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$MTIz..
> authzFrom: ldap:///dc=example,dc=net??sub?(uid=*)
> -----------------------
>
> But still not working. I also try it with "authzTo", but same result. As I
> read in man slapd.conf. At the beginning I just whant to get it working,
> then comes the security part. So I allow all uids.
Should be authzTo if you're adding it to the lloadd's identity, are you
sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to
dc=example,dc=net and the uid attribute on the subtree?
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
