Hello

First of all, thanks to Emmanuel Lecharny for his quick response to my previous thread and for pointing out my "little" confusion. Keep up the good work, all of you!

Now here comes my problem. Having set up my LDAP correctly and having connected to it using Apache Directory Studio 1.5.3, everything seems all right. I can connect with the admin and the other users. I changed my slapd.conf to introduce some ACLs. Checking them on the command line, they work OK. But when I try to connect using Apache Directory Studio I'm only able to do it using the manager (the rest get "Invalid credentials"). I hope you can help me. I'm pasting the LDIF and the ACL part of my slapd.conf (it's checked and working ok):
LDIF:

dn: dc=example,dc=com
objectClass: extensibleObject
objectClass: domain
objectClass: top
# the naming attribute must carry the RDN value (was "dc: lagantest")
dc: example

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Cuba,ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Cuba

dn: cn=Cuba Users,ou=Cuba,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: Cuba Users
uniqueMember: cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com
uniqueMember: cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com

dn: ou=Cuba,ou=Users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Cuba

dn: ou=Administrators,ou=Users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Administrators

dn: cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: John Doe
sn: Doe
displayName: John Doe
givenName: John
mail: [email protected]
userPassword: 12345678

dn: cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
# the naming attribute must carry the RDN value (was "cn: Admin")
cn: Master Admin
sn: Master
displayName: Master Admin
givenName: Master
mail: [email protected]
userPassword: admin

dn: cn=Administrators,ou=Cuba,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
objectClass: top
cn: Administrators
uniqueMember: cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com
uniqueMember: cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com

----------------------------------------------------------------------------------------------------------

ACL:

access to dn.subtree="ou=Cuba,ou=Users,dc=example,dc=com"
    by group/groupofuniquenames/uniquemember="cn=Administrators,ou=Cuba,ou=Groups,dc=example,dc=com" write
    by users read
----------------------------------------------------------------------------------------------------------

One example of this working is:

/usr/local/sbin/slapacl -f /usr/local/etc/openldap/slapd.conf -b "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com" -D "cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com" "mail/write:"
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
authcDN: "cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com"
write access to mail=: ALLOWED

/usr/local/sbin/slapacl -f /usr/local/etc/openldap/slapd.conf -b "cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com" -D "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com" "mail/write:"
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
authcDN: "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com"
write access to mail=: DENIED

/usr/local/sbin/slapacl -f /usr/local/etc/openldap/slapd.conf -b "cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com" -D "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com" "mail/read:"
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
authcDN: "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com"
read access to mail=: ALLOWED

Thanks
Juan Jose Aragones
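As an added illustration of why an `access to` directive that passes every `slapacl -D ...` check can still break simple binds, here is a small Python model of slapd's ACL evaluation. It is example code written for this page, not OpenLDAP code and not part of the post. It models the documented evaluation order (the first matching `access to` directive is used; inside it the first matching `by` clause decides and an exhausted `by` list is an implicit `by * none`; when no directive matches, the default `access to * by * read` policy applies, which is what the posted slapacl output shows for Master Admin's entry outside the subtree) and the one fact slapacl with `-D` never exercises: a simple bind is evaluated while the connection is still anonymous and needs `auth` access to `userPassword`. The group membership table is constructed from the post's LDIF; `HARDENED_ACL`, with its leading `userPassword` rule, is a constructed alternative, not the poster's configuration.

```python
"""Toy model of slapd.conf 'access to' evaluation (example code, not OpenLDAP)."""

# Privilege levels in increasing order; granting one level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Group membership constructed from the post's LDIF (uniqueMember values), lower-cased.
GROUPS = {
    "cn=administrators,ou=cuba,ou=groups,dc=example,dc=com": {
        "cn=john doe,ou=cuba,ou=users,dc=example,dc=com",
        "cn=master admin,ou=administrators,ou=users,dc=example,dc=com",
    },
}

JOHN = "cn=John Doe,ou=Cuba,ou=Users,dc=example,dc=com"
ADMIN = "cn=Master Admin,ou=Administrators,ou=Users,dc=example,dc=com"
ADMIN_GROUP = "cn=Administrators,ou=Cuba,ou=Groups,dc=example,dc=com"


def in_subtree(dn, base):
    """dn.subtree semantics: the base entry itself and everything below it."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def who_matches(who, bind_dn, target_dn):
    """Match one <who> selector: ('*',), ('anonymous',), ('users',), ('self',) or ('group', dn)."""
    kind = who[0]
    if kind == "*":
        return True
    if kind == "anonymous":
        return bind_dn is None
    if kind == "users":  # any authenticated identity, never the anonymous requester
        return bind_dn is not None
    if kind == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    if kind == "group":
        return bind_dn is not None and bind_dn.lower() in GROUPS.get(who[1].lower(), set())
    raise ValueError("unknown <who> selector: %r" % (kind,))


def access_allowed(acls, bind_dn, target_dn, attr, wanted):
    """True if bind_dn (None = anonymous) gets at least `wanted` on attr of target_dn."""
    need = LEVELS.index(wanted)
    for acl in acls:  # first directive whose <what> matches is the only one consulted
        if acl["subtree"] is not None and not in_subtree(target_dn, acl["subtree"]):
            continue
        if acl["attrs"] is not None and attr.lower() not in acl["attrs"]:
            continue
        for who, level in acl["by"]:  # first matching <who> decides, evaluation stops
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= need
        return False  # implicit trailing "by * none"
    # No directive matched: default policy "access to * by * read" (as the posted
    # slapacl output shows for entries outside the ACL's subtree).
    return LEVELS.index("read") >= need


def can_simple_bind(acls, dn):
    """A simple bind is checked for an anonymous requester needing 'auth' on userPassword."""
    return access_allowed(acls, None, dn, "userPassword", "auth")


# The single directive from the post, expressed as data.
POSTED_ACL = [
    {"subtree": "ou=Cuba,ou=Users,dc=example,dc=com", "attrs": None,
     "by": [(("group", ADMIN_GROUP), "write"), (("users",), "read")]},
]

# Constructed variant: a userPassword rule ahead of the subtree rule lets anonymous
# requesters authenticate while keeping the hash unreadable to everyone but its owner.
HARDENED_ACL = [
    {"subtree": None, "attrs": {"userpassword"},
     "by": [(("self",), "write"), (("anonymous",), "auth"), (("*",), "none")]},
] + POSTED_ACL


if __name__ == "__main__":
    for name, acls in (("posted", POSTED_ACL), ("hardened", HARDENED_ACL)):
        print(name, "John Doe simple bind:", can_simple_bind(acls, JOHN))
        print(name, "Master Admin writes John Doe's mail:",
              access_allowed(acls, ADMIN, JOHN, "mail", "write"))
        print(name, "John Doe reads Master Admin's mail:",
              access_allowed(acls, JOHN, ADMIN, "mail", "read"))
```

The model reproduces the three posted slapacl results and adds the case slapacl was not asked about: with the posted directive, an anonymous requester falls through both `by` clauses on any entry under `ou=Cuba,ou=Users`, so John Doe's own `userPassword` yields `none` and the bind fails before any identity is established. The equivalent real check is to run slapacl without `-D` (anonymous) against the user's entry with `userPassword/auth` as the requested access.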
