Hi, On Sat, Feb 05, 2005 at 11:33:39PM +0300, Alexander Zubkov wrote: > Yeah! I did it, thanks all, who helped. > Searching for "rootDSE" in Internet showed that it is exported by LDAP > server as other data (in common words) so access control are applied to > it too. And my hands ( lame ;) ) wrote at the end of slapd.conf: > access dn=".*,dc=domain,dc=my" by * read > But rootDSE, of course not subtree of this! And LDAP, honestly, denied > access to it. So the solution was: > access to * by * read
It is much better to set
access to dn.base="" by * read
to prevent to open potential security gap. The above ACL only allows
world-read access to the root-dse and not to all other non-matched content
of your entire DIT.
Thanks,
Guenther
--
Guenther Deschner Samba Team
SerNet GmbH - Goettingen [EMAIL
PROTECTED],org
[EMAIL PROTECTED]
pgpFSezepSgEw.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
