Why not adjust your logLevel to include ACL processing? It's usually very informative.
On Jul 4, 2011, at 1:23 PM, Friedrich Locke wrote:
> This is for learning purposes, the password will not be that one on a
> production system.
> ypldap access is just before any other more restrictive.
>
> My question still remains: how may I have a listing of entries directly
> below (one level only) a given base?
> Searching with a filter is of interest too. But I am being prevented.
> Does anybody here know how it could be done given my access rules in
> the prior email?
>
> Thanks once more.
>
>
> On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs <Chris.Jacobs(a)apollogrp.edu> wrote:
>> The ypldap access should be before the one that limits more - the more restrictive one will match first.
>>
>> If that account is intended as your main 'root'-ish account, it should probably be granted access to all right off the bat.
>>
>> Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb).
>>
>> - chris
>>
>> Chris Jacobs, Systems Administrator, Technology Services Group
>> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
>> 2001 6th Ave | Ste 3200 | Seattle, WA 98121
>> phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
>> email: chris.jacobs(a)apollogrp.edu
>>
>> ----- Original Message -----
>> From: openldap-technical-bounces(a)OpenLDAP.org <openldap-technical-bounces(a)OpenLDAP.org>
>> To: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>
>> Sent: Mon Jul 04 11:19:45 2011
>> Subject: cannot access entries
>>
>> Hi list members,
>>
>> I am trying to configure access to my LDAP server, but I am doing
>> something wrong that I am not aware of. The access list is below:
>>
>> access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword
>>     by self read
>>     by anonymous auth
>>     by * none
>>
>> access to dn.one="ou=appsrv,dc=ufv,dc=br"
>>     by self read
>>     by * none
>>
>> access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword
>>     by self read
>>     by anonymous auth
>>     by * none
>>
>> access to dn.one="ou=people,dc=ufv,dc=br"
>>     by self read
>>     by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>     by * none
>>
>> access to dn.one="ou=group,dc=ufv,dc=br"
>>     by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
>>     by * none
>>
>>
>> =======================================
>>
>> The command I am executing and its output are below
>>
>> sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D
>> cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=people,dc=ufv,dc=br> with scope oneLevel
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 32 No such object
>>
>> # numResponses: 1
>> sioux@gustav$
>>
>> Why am I not getting a list of entries below ou=people,dc=ufv,dc=br ?
>>
>> Thanks in advance.
>
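
An added example, not part of the thread and not OpenLDAP code: a simplified Python model of slapd's first-match ACL selection, run over the rules quoted above for the ypldap identity, so the clause chosen for the search base and for a child entry can be compared with what `loglevel acl` reports. The child DN `uid=jdoe` and the group DN used in checks are constructed; DN parsing is naive (no escaped commas).

```python
# Simplified model of slapd ACL selection (added example; not OpenLDAP code).
# Covers only the "to" scopes, attrs= and "by" forms that appear in the thread.

ACLS = [  # (scope, target DN, attrs or None for all, [(who, level), ...])
    ("one", "ou=appsrv,dc=ufv,dc=br", {"userpassword"},
     [("self", "read"), ("anonymous", "auth"), ("*", "none")]),
    ("one", "ou=appsrv,dc=ufv,dc=br", None, [("self", "read"), ("*", "none")]),
    ("one", "ou=people,dc=ufv,dc=br", {"userpassword"},
     [("self", "read"), ("anonymous", "auth"), ("*", "none")]),
    ("one", "ou=people,dc=ufv,dc=br", None,
     [("self", "read"), ("cn=ypldap,ou=appsrv,dc=ufv,dc=br", "read"), ("*", "none")]),
    ("one", "ou=group,dc=ufv,dc=br", None,
     [("cn=ypldap,ou=appsrv,dc=ufv,dc=br", "read"), ("*", "none")]),
]

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def parent(dn):
    return norm(dn).partition(",")[2]

def to_matches(scope, base, dn):
    # dn.one: immediate children only, never the base itself; dn.base: the entry itself
    return (parent(dn) if scope == "one" else norm(dn)) == norm(base)

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return not bind_dn
    if who == "self":
        return bool(bind_dn) and norm(bind_dn) == norm(target_dn)
    return bool(bind_dn) and norm(bind_dn) == norm(who)  # dn.exact / dn.base in "by"

def access(bind_dn, target_dn, attr="entry"):
    """Return (index of the first matching clause or None, granted level)."""
    for i, (scope, base, attrs, by) in enumerate(ACLS):
        if to_matches(scope, base, target_dn) and (attrs is None or attr.lower() in attrs):
            for who, level in by:
                if who_matches(who, bind_dn, target_dn):
                    return i, level
            return i, "none"   # implicit "by * none" ends every clause
    return None, "none"        # implicit final "access to * by * none"

YPLDAP = "cn=ypldap,ou=appsrv,dc=ufv,dc=br"
if __name__ == "__main__":
    for dn in ("ou=people,dc=ufv,dc=br", "uid=jdoe,ou=people,dc=ufv,dc=br"):
        print(dn, "->", access(YPLDAP, dn))
```

In this model no clause covers the `ou=people` entry itself, because `dn.one` selects only its immediate children, while the constructed child entry is readable by ypldap through the fourth clause.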