Hello,
I just need to allow a simple "bind" user to be able the perform the
authenticated searches in the tree, while allowing all other users to
consult their data without being able to modify them. So I have set
the following primitive access rules:
------------------------------
olcAccess: {0}to attrs=userPassword
by self write
by dn.base="cn=Manager,dc=example,dc=com" write
by anonymous auth
by * none"
olcAccess: {1}to *
by self read
by dn.base="cn=Manager,dc=example,dc=com" write
by dn="uid=binduser,ou=Users,dc=example,dc=com" read
-------------------------------
With these settings, I can in fact perform authenticated searches as
dn="uid=binduser,ou=Users,dc=example,dc=com" with filter uid=username.
But the weird thing is that all other non-privileged users cannot see
their own data, although I have added "to * by self read"..
What am I missing? Thanks ahead for any comment!
Andy.