Hi folks,
I have just installed openldap and I am having trouble understanding the access
directive.
I have 6 access rules:
################################################################################
# access definition on ou=people,dc=ufv,dc=br
################################################################################
access to dn.one="ou=people,dc=ufv,dc=br" attrs=userPassword
    by self read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
    by anonymous auth
    by * none
access to dn.one="ou=people,dc=ufv,dc=br" attrs=uid,homeDirectory
    by self read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
access to dn.one="ou=people,dc=ufv,dc=br"
    attrs=cn,uidNumber,gidNumber,loginShell,gecos,description
    by self read
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
access to dn.one="ou=people,dc=ufv,dc=br"
    attrs=mail,mailMessageStore,mailAlternateAddress,qmailUID,qmailGID,mailHost,mailForwardingAddress,deliveryProgramPath,qmailDotMode,deliveryMode,mailReplyText,accountStatus,qmailAccountPurge,mailQuotaSize,mailQuotaCount,mailSizeMax
    by self read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
access to dn.one="ou=people,dc=ufv,dc=br"
    by self read
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
access to dn.base="ou=people,dc=ufv,dc=br"
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
As you can see, I have some rules giving access to certain attributes of
anything one level below ou=people,dc=ufv,dc=br. I have another rule giving
access to everything at the same level; this is the 5th rule.
Everything works OK, for instance:
sioux@gustav$ ldapsearch -b uid=sioux,ou=people,dc=ufv,dc=br homedirectory
SASL/GSSAPI authentication started
SASL username: sioux@UFV.BR
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <uid=sioux,ou=people,dc=ufv,dc=br> with scope subtree
# filter: (objectclass=*)
# requesting: homedirectory
#
# sioux, people, ufv.br
dn: uid=sioux,ou=people,dc=ufv,dc=br
homeDirectory: /home/sioux
# search result
search: 5
result: 0 Success
# numResponses: 2
# numEntries: 1
sioux@gustav$
But if I comment out the 5th rule (I keep the others, which give access to the
homeDirectory attribute), it does not work:
sioux@gustav$ ldapsearch -b uid=sioux,ou=people,dc=ufv,dc=br homedirectory
SASL/GSSAPI authentication started
SASL username: sioux@UFV.BR
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <uid=sioux,ou=people,dc=ufv,dc=br> with scope subtree
# filter: (objectclass=*)
# requesting: homedirectory
#
# search result
search: 5
result: 32 No such object
# numResponses: 1
sioux@gustav$
Does anybody here know why?
Thanks in advance.
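An added example, not part of the original post, showing the rule the poster's configuration is missing once the 5th rule is removed: in slapd.access(5) the "entry" pseudo-attribute controls whether an entry may be returned at all, and an attrs= rule only covers the attributes it names, so with no rule granting "entry" slapd reports the base as "No such object" (result 32) rather than disclose that it exists. The DNs are the poster's; the rule is placed before the dn.one rules and keeps the same per-attribute control.

```conf
# Added example (not the poster's config): grant read on the "entry"
# pseudo-attribute to the same identities that may read attributes.
# Rule 5 in the original (no attrs= clause) matched every attribute,
# "entry" included, which is why removing it turned a base search by
# the user on their own entry into "No such object".
access to dn.one="ou=people,dc=ufv,dc=br" attrs=entry
    by self read
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
    by * none
# The per-attribute rules below it stay as they were, e.g.:
access to dn.one="ou=people,dc=ufv,dc=br" attrs=uid,homeDirectory
    by self read
    by dn.base="cn=mail,ou=appsrv,dc=ufv,dc=br" read
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by * none
```

Each access directive is evaluated in order and only the first whose "to" part matches the requested entry and attribute is consulted, so the attrs=entry rule cannot leak other attributes; it only makes the entry visible to the listed identities.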