Thanks for the version info, I have now compiled and installed 2.6.3. Here is my slapd.ldif with the password redacted ...
#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
#
olcArgsFile: /usr/local/var/run/slapd.args
olcPidFile: /usr/local/var/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64

#
# Load dynamic backend modules:
#
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/local/libexec/openldap
olcModuleload: back_mdb.la
#olcModuleload: back_ldap.la
#olcModuleload: back_passwd.la

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///usr/local/etc/openldap/schema/core.ldif
#moose
include: file:///usr/local/etc/openldap/schema/cosine.ldif
include: file:///usr/local/etc/openldap/schema/nis.ldif
include: file:///usr/local/etc/openldap/schema/inetorgperson.ldif

# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
olcDatabase: frontend
#
# Sample global access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#

#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: PASSWORDNOTHERE
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: /usr/local/var/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcRootDN: cn=config
olcMonitoring: FALSE

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
olcRootDN: cn=Administrator,ou=people,o=emich.edu
olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5
olcDbMaxSize: 1073741824
olcSizeLimit: 50000
#olcDbConfig: {0}set_cachesize 0 15000000 1
#olcDbConfig: {1}set_lg_regionmax 262144
#olcDbConfig: {2}set_lg_bsize 2097152
#olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
#olcDbConfig: {4}set_lk_max_locks 30000
#olcDbConfig: {5}set_lk_max_objects 30000
#olcDbIDLcacheSize: 30000
olcDbIndex: objectclass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: member eq
olcDbIndex: memberUid eq
olcDbIndex: mail eq
olcDbIndex: cn eq,sub
olcDbIndex: displayName eq,sub
olcDbIndex: uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub
structuralObjectClass: olcMdbConfig
entryUUID: b3baae2c-f8f6-1035-90eb-91daf978c9c3
creatorsName: cn=config
createTimestamp: 20160817184650Z
olcRootPW:: PASSWORDNOTHERE
entryCSN: 20160919185226.957088Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20160919185226Z

Thanks,
Matt

On Tue, Feb 7, 2023 at 10:03 AM Quanah Gibson-Mount <[email protected]> wrote:

>
>
> --On Monday, February 6, 2023 4:58 PM -0500 Matthew Goebel
> <[email protected]> wrote:
>
> > directory8.emich.edu : redhat ES 8 : hand rolled from source code ldap
> >
> > [[email protected]:/root]# /usr/local/libexec/slapd -V
> >
> > @(#) $OpenLDAP: slapd 2.6.X (Nov 15 2022 16:59:29) $
>
> That's the engineering branch. It's not advised to run development code in
> production.
>
> > I can't seem to do global anonymous searches?
> >
> > I don't understand ldap well enough to figure out what step or config
> > I've missed.
> >
> > compile options used for openldap were
>
> compile options should be irrelevant, this would be an ACL issue. You've
> not provided any information about the ACLs the deployment uses.
>
> --Quanah
>
>
>

--
Matthew Goebel : m <[email protected]>[email protected] : Unix Jockey @ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
"Always with the negative waves, Moriarty" - Oddball
"Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
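As an added example (not part of the original message and not OpenLDAP code), a small Python audit of a cn=config LDIF like the one posted: it lists each database's suffix, what each olcAccess value grants an unauthenticated client, and any DN defined more than once. The sample input is constructed, and the `<who>` parsing is a simplification that assumes no spaces inside a `<who>` clause.

```python
import re

# Constructed sample modelled on the posted file (not the real config).
SAMPLE = """\
dn: olcDatabase=frontend,cn=config
olcAccess: {0}to dn.base="" by * read

dn: olcDatabase=mdb,cn=config
olcSuffix: dc=my-domain,dc=com

dn: olcDatabase=mdb,cn=config
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
"""

def parse_entries(text):
    """Return [(dn, {attr: [values]})]; unfolds lines and skips comments."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                name, _, value = line.partition(":")
                attrs.setdefault(name.lower(), []).append(value.lstrip(":").strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def anonymous_access(rule):
    """(target, level) one olcAccess value gives an unauthenticated client."""
    target = re.search(r"\bto\s+(.*?)\s+by\s", rule).group(1)
    for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", rule):
        if who in ("*", "anonymous"):      # first matching <who> wins
            return target, level
    return target, "none"                  # implicit trailing "by * none"

def audit(text):
    entries = parse_entries(text)
    dns = [dn.lower() for dn, _ in entries]
    databases = []
    for dn, attrs in entries:
        if dn.lower().startswith("olcdatabase="):
            acls = [anonymous_access(r) for r in attrs.get("olcaccess", [])]
            suffix = attrs.get("olcsuffix", [None])[0]
            databases.append((dn, suffix, acls or "no olcAccess"))
    dups = sorted({d for d in dns if dns.count(d) > 1})
    return {"duplicate_dns": dups, "databases": databases}
```

Calling `audit()` on the text of a real slapd.ldif gives a per-database view to check against the suffix being searched.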
