>
> olcAccess {3}to dn.subtree="dc=site" filter=(objectclass=*)
> attrs=cn,email,entry,objectClass,uid by * read
>
> works ok, changing the olcAccess filter to e.g. person
>
> olcAccess {3}to dn.subtree="dc=site" filter=(objectclass=person)
> attrs=cn,email,entry,objectClass,uid by * read
>
> gives no results
Given that this is specifically tested by test006, and this test routinely
passes, and considering how incomplete your report is, I recommend you
provide a means to easily reproduce the issue (e.g. detailed slapd.conf,
LDIF data and details about the unsuccessful operation) in order to have
this issue report processed further.
p.

Hello p.,
So, if I got you right, this 'test006' states that this must be a
configuration error and I had better move on to the support mailing list
or somewhere else.
If this should not be the case, here's what I've got:
There's no slapd.conf, it's empty.
# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=site
olcRootDN: cn=admin,dc=site
olcRootPW: xxxxxxxxxxxxxxxx
olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5
olcDbIDLcacheSize: 30000
olcDbIndex: objectclass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: member eq
olcDbIndex: memberUid eq
olcDbIndex: mail eq
olcDbIndex: cn eq,sub
olcDbIndex: displayName eq,sub
olcDbIndex: uid eq,sub
olcDbIndex: sn eq,sub
olcDbIndex: givenName eq,sub
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to dn.subtree="dc=site" filter=(objectclass=inetOrgPerson) attrs
 =cn,email,entry,objectClass,uid by * read
olcAccess: {4}to * by * none
I've only access to the test system now, so the dc and objectclass are different.
Here is the only user:
# test, people, site
dn: uid=test,ou=people,dc=site
cn: test test
gidNumber: 100
givenName: test
homeDirectory: /home/test
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
sn: test
uid: test
uidNumber: 1001
If I do an ldapsearch -x -b ou=people,dc=site, or do it as the test user,
there are no results.
What I want to achieve is anonymous and user read access only to
inetOrgPerson entries and special attributes, nothing else. No groupOfNames or device
entries in the subtree.
Regards
Hellweiss
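An added example, not part of the thread and not OpenLDAP code: a simplified Python model of slapd's first-match rule selection, run over the olcAccess rules {0} to {4} posted above, to show which rule decides access for a given entry and attribute. Assumptions: the filter is reduced to an objectClass membership test, and the ou=people,dc=site entry is constructed here as a plain organizationalUnit because the post does not show it.

```python
# Simplified model of slapd first-match ACL selection; not OpenLDAP code.
# Rules {0}-{4} are transcribed from the olcAccess values in the post.
# Rule: (index, subtree or None, required objectClass or None,
#        attrs or None for "*", by-clauses as (who, level) pairs).
RULES = [
    (0, None, None, {"userpassword"}, [("self", "write"), ("*", "auth")]),
    (1, None, None, {"shadowlastchange"}, [("self", "write"), ("*", "read")]),
    (2, None, None, {"userpkcs12"}, [("self", "read"), ("*", "none")]),
    (3, "dc=site", "inetorgperson",
     {"cn", "email", "entry", "objectclass", "uid"}, [("*", "read")]),
    (4, None, None, None, [("*", "none")]),
]

# The user entry's classes come from the post; the ou=people entry is
# constructed (assumption: the search base is an organizationalUnit).
ENTRIES = {
    "uid=test,ou=people,dc=site": {"top", "posixaccount", "inetorgperson"},
    "ou=people,dc=site": {"top", "organizationalunit"},
}

def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def effective_access(dn, attr, who="anonymous"):
    """Return (rule index, level) from the first rule whose <what> matches."""
    classes = ENTRIES[dn]
    for idx, subtree, oc, attrs, by in RULES:
        if subtree and not in_subtree(dn, subtree):
            continue
        if oc and oc not in classes:
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        for subject, level in by:
            if subject == "*" or (subject == "self" and who == dn):
                return idx, level
        return idx, "none"  # implicit "by * none" closes every rule
    return None, "none"  # implicit final "access to * by * none"

if __name__ == "__main__":
    for dn in ENTRIES:
        for attr in ("entry", "cn", "sn", "userPassword"):
            print(dn, attr, effective_access(dn, attr))
```

slapd.access(5) notes that in OpenLDAP 2.4 a search requires search privileges on the entry pseudo-attribute of the search base, so the rule selected for ou=people,dc=site is worth checking alongside the one selected for the user entry.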