Duncan Brannen wrote:
I've cut most of my rules out to try and get something basic to show the problem I'm having. Anonymous users, e.g. the web server trying to match a uid to a dn, can't search the ou=People branch to get the entry, which I'd thought the dn.subtree on ou=People would allow via the by * read line?
With the full acls (which have the attrs=userpassword line) I can authenticate and search fine but not search as an anonymous user which I could with 2.3.38, I'm now trying 2.4.7.
Search needs the privileges described in the OPERATION REQUIREMENTS section of slapd.access(5). You need to make sure anonymous has enough privileges, which apparently it doesn't. Not sure what's the difference in this area between 2.3 and 2.4; I think the main differences were between 2.2 and 2.3.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
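The OPERATION REQUIREMENTS section of slapd.access(5) spells out what an anonymous search like the one in the thread needs: search access to the `entry` pseudo-attribute of the search base (a requirement the 2.4 manual notes as new in 2.4), search access to the attributes in the filter (here `uid`), and read access to the `entry` pseudo-attribute and returned attributes of each matching entry. The slapd.conf fragment below is an added illustration, not the poster's configuration; the suffix `dc=example,dc=com` and the search base used by the web server are assumptions. It keeps `userPassword` restricted while granting anonymous exactly what a uid-to-dn lookup needs.

```conf
# Added example (not from the thread). Suffix dc=example,dc=com is assumed.
# ACL clauses are evaluated in order and the first "to" clause that matches
# both the entry and the attribute wins, so the userPassword clause must come
# BEFORE any broad "by * read" clause; otherwise "by * read" on the subtree
# would also apply to userPassword and expose password hashes to anonymous.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# If the web server searches with a base ABOVE ou=People (assumed here to be
# the suffix), anonymous needs search (=s) on the "entry" pseudo-attribute of
# that base or the search is refused before it reaches ou=People.
access to dn.base="dc=example,dc=com" attrs=entry
    by * search

# The ou=People subtree: read (which implies search) covers the filter
# attribute (uid), the "entry" pseudo-attribute of matched entries and the
# attributes that are returned. userPassword is already handled above.
access to dn.subtree="ou=People,dc=example,dc=com"
    by * read

# Everything else stays closed to anonymous.
access to *
    by self write
    by * none
```

To confirm what an identity actually gets without restarting slapd, slapacl(8) evaluates the ACLs offline; with no `-D` it checks the anonymous identity, e.g. `slapacl -f slapd.conf -b "dc=example,dc=com" entry/search` for the base and `slapacl -f slapd.conf -b "uid=someone,ou=People,dc=example,dc=com" uid/search entry/read userPassword/read` for a People entry (the uid value is a constructed sample). The last check should report that anonymous is denied read on userPassword while the others are allowed.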