hi everyone,
I made a previous post, but noone answered, so I try again :)
I'm trying to deploy a meta directory using the OpenLdap meta backend.
I'm using the slapd Etch Debian package, version 2.3.27-1
when my target server includes the next ACL, eveything is fine, I can retrieve any data by the meta directory using ldapsearch, it works fine
##
access to attrs=userPassword by dn="cn=admin,dc=toto,dc=fr" write by anonymous auth by self write by * none
and
access to * by dn="cn=admin,dc=toto,dc=fr" write by * read
##
but I want only authentified connections (no anonymous bind, if i'm right) to have read access, so I change the ACL like that
##
access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=toto,dc=fr" write by anonymous auth by self write by * none
and
access to * by dn="cn=admin,dc=toto,dc=fr" write by self read by anonymous auth by * none ##
So, for this target, i'm adding the acl-authcDN and acl-passwd directives to the meta directory, with the target's rootdn and rootpw values, in order to enable ACL checking and matching (in that case, the write privilege for dn="cn=admin,dc=toto,dc=fr")
giving this in the meta backend conf
## database meta
suffix "dc=meta-ufr-info-p7,dc=jussieu,dc=fr"
uri "ldap://localhost:389/dc=meta-ufr-info-p7,dc=jussieu,dc=fr" suffixmassage "dc=meta-ufr-info-p7,dc=jussieu,dc=fr" "dc=toto,dc=fr"
acl-authcDN "cn=admin,dc=toto,dc=fr" acl-passwd "xxxxx" ##
But at this moment, I can't retrieve any data anymore, as I perform an ldapsearch by the meta directory ....
Is there anything wrong in my conf ?
the slapd-meta man page says about acl-authcDN directives : "it is supposed to have read access on the target server to attributes used on the proxy for acl checking."
what does that mean exactly ? :)
Thanks.