On Sun, Jan 21, 2007 at 07:59:40PM +0100, Andrea Venturoli wrote:
Aaron Richton wrote:
I get problems with access control, however, that prevent it from working.
Yes...given
access to *
        by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
access to *
        by * none
The problem is I cannot access the slave database with dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx".
because you have no access for anonymous to auth to uid=slurp.
Ok, but I can't seem to get out of this, even after reading the docs again!
Now I tried:
access to *
        by dn="uid=slurp,ou=users,dc=biolchim,dc=in" write
access to *
        by * auth
#access to * by * none
That will not work either. The way the acl works is it starts at the top and works down. When the slave system tries to log in it will try to authenticate against the master server with your provided credentials. It will try to authenticate against the userPassword record.
When it evals it, it matches the first line (access to *), but you only have 1 by clause associated with it and that belongs to uid=slurp. It will never eval to the 2nd access line because it was satisfied with line 1.
Add before your first access:
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
but this won't improve my situation a bit. What should I write here?
Debugging on the client isn't going to be too informative here. Try "slapd -d acl" perhaps.
Tried that too, but I get info on successful binds and nothing when I try with user slurp.
bye & Thanks av.
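
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the first-match evaluation described above, run over the second attempt and over the same rules with the userPassword directive placed first. It goes one step beyond the thread by also checking what the replication DN may write afterwards; the dc=example,dc=com DNs, the level ordering and the WITH_REPLICA rule set are constructed assumptions.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
SLURP = "uid=slurp,ou=users,dc=example,dc=com"   # constructed DN
ALICE = "uid=alice,ou=users,dc=example,dc=com"   # constructed DN

USERPW = "access to attrs=userPassword by self write by anonymous auth by * none\n"
# Second attempt from the thread: two "access to *" directives.
ATTEMPT = f'access to * by dn="{SLURP}" write\naccess to * by * auth\n'
# The reply's advice: userPassword rule placed before the first access line.
FIXED = USERPW + ATTEMPT
# Assumption, not from the thread: also list the replication DN in that rule.
WITH_REPLICA = USERPW.replace("by self", f'by dn="{SLURP}" write by self') + ATTEMPT

def parse(conf):
    """Turn 'access to <what> by <who> <level> ...' lines into (what, bys)."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop comments, tokenize
        if tok[:2] == ["access", "to"]:
            rest = tok[3:]
            bys = [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest), 3)]
            rules.append((tok[2], bys))
    return rules

def who_matches(who, requester, target):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == target
    return who.startswith("dn=") and requester == who[3:].strip('"')

def access(conf, requester, target, attr):
    """Level granted to requester (None = anonymous) on target's attr."""
    for what, bys in parse(conf):
        if what == "*" or (what.startswith("attrs=") and attr in what[6:].split(",")):
            for who, level in bys:
                if who_matches(who, requester, target):
                    return level
            return "none"  # implicit "by * none"; later directives never run
    return "none"          # implicit final "access to * by * none"

def allowed(conf, requester, target, attr, need):
    return LEVELS.index(access(conf, requester, target, attr)) >= LEVELS.index(need)

def can_bind(conf, dn):
    # A simple bind is checked as anonymous needing auth on dn's userPassword.
    return allowed(conf, None, dn, "userPassword", "auth")
```

In this model the userPassword directive lets the bind succeed, but the replication DN then gets "none" on other entries' userPassword unless it is named in that directive too, which is what WITH_REPLICA adds.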