On Fri, Jan 19, 2007 at 07:16:39PM -0500, Aaron Richton wrote:
I get problems with access control, however, that prevent it from working.
Yes...given
access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write access to * by * none
Think what you need here is
access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write by * break
access to attrs=userPassword by anonymous auth by self write by * none
access to * by * none
the difference is the first wil give uid=slurp root like access to every think. the by * break, say even thought you have match * if youhave gotten to this line break out of this statement and continue processing.
The second one governs userPassword - give anon user the right to authenticate
and the bottom (last) default one says everything else by everyone else is none
The problem is I cannot access the slave database with dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".
because you have no access for anonymous to auth to uid=slurp.
slave# ldapsearch -w xxxxxxx -D 'uid=slurp,ou=users,dc=xxxxxxxx,dc=xx' -b 'dc=xxxxxxxxx,dc=xx' -d 255
Debugging on the client isn't going to be too informative here. Try "slapd -d acl" perhaps.