Gabriel,
Yes, I tried, but the result remains the same.
Thanks for your response,
Gabriel Stein wrote:
Vincent,
Did you try putting these rules before the other access control rules?
Keep in touch.
Hugs,
On 5/22/07, Vincent Batoufflet vincent@buf.fr wrote:
Hi everyone,
I am trying to set up some access rules for some openldap servers but I am experiencing some difficulties with Access Control Entries.
I want to allow anonymous access to a specific branch of my ldap tree (autofs mount points):
ou=mount,o=organization,dc=domain,dc=com
This rule works perfectly if I comment all other rules, but when at least one of them is commented out, it isn't working anymore.
Do you have any idea?
Thanks.
See above my ldap access rules:

# Default access rule
defaultaccess search

# Access to passwords
access to attrs=userPassword
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=system,ou=role,dc=domain,dc=com" read
    by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read
    by self write
    by * auth

# FTP access
access to dn.subtree="ou=ftp,o=organization,dc=domain,dc=com"
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=ftp-manager,ou=role,dc=domain,dc=com" read
    by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read

# AutoFS access
acces to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by anonymous read

# Global accesses
access to *
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=system,ou=role,dc=domain,dc=com" read
    by dn="cn=extranet,ou=role,dc=domain,dc=com" read

# Access to the base (prevent SASL problems)
access to dn.base=""
    by * read

-- Vincent Batoufflet
Buf Compagnie 3 rue Roquepine 75008 Paris, FRANCE tel +33 1 42 68 18 28 - fax +33 1 42 68 18 29
Vincent Batoufflet writes:
# AutoFS access
acces to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
^^^^^ Missing 's'.
Also, test slapd with loglevel 0x3C0 (see "loglevel" in man slapd.conf), or 'slapd -d 0x3C0 ...' so you can see what happens.
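
Added example, not part of the original thread and not OpenLDAP code: a small pre-deployment check that joins slapd.conf continuation lines, flags directive keywords that are near-misses of a known one (the "acces" case above), and lists which "access to" rules are actually spelled correctly. The KNOWN allowlist, the SAMPLE text and the function names are assumptions made for this illustration.

```python
import difflib

# Short allowlist of real slapd.conf directives (assumption: extend it to
# cover every directive your own configuration uses).
KNOWN = ["access", "include", "database", "suffix", "rootdn", "loglevel"]

# Constructed sample modelled on the rules posted in the thread.
SAMPLE = """\
# FTP access
access to dn.subtree="ou=ftp,o=organization,dc=domain,dc=com"
    by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read

# AutoFS access
acces to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
    by anonymous read

# Global accesses
access to *
    by dn="cn=system,ou=role,dc=domain,dc=com" read
"""

def logical_lines(text):
    """Return (line_no, text) per directive, following slapd.conf rules:
    a line starting with whitespace continues the previous line (even a
    comment), and blank or '#' lines are ignored."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1][1] += " " + raw.strip()
        else:
            out.append([no, raw.strip()])
    return [(no, line) for no, line in out if not line.startswith("#")]

def lint(text):
    """Flag directives whose keyword is not in KNOWN, with a spelling hint."""
    findings = []
    for no, line in logical_lines(text):
        keyword = line.split()[0].lower()
        if keyword not in KNOWN:
            close = difflib.get_close_matches(keyword, KNOWN, n=1, cutoff=0.8)
            findings.append((no, keyword, close[0] if close else None))
    return findings

def acl_targets(text):
    """List the <what> of each correctly spelled 'access to' rule, in file order."""
    return [line.split()[2] for _, line in logical_lines(text)
            if line.lower().startswith("access to ")]
```

On the sample, lint() reports the misspelled keyword on line 6, and acl_targets() shows that the ou=mount subtree is missing from the list of recognised rules.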
Hallvard B Furuseth wrote:
Vincent Batoufflet writes:
# AutoFS access
acces to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
^^^^^ Missing 's'.
Also, test slapd with loglevel 0x3C0 (see "loglevel" in man slapd.conf), or 'slapd -d 0x3C0 ...' so you can see what happens.
Hi,
I feel really such an idiot, thanks a lot.
openldap-software@openldap.org