On Wed, 20 Sep 2017 12:32:37 -0400 (EDT), Robert Heller heller@deepsoft.com wrote:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd.
Here are my ACLs in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none
olcAccess: {1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read
There are also these olcAccess entries:
in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
and in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]
You may run slapd in debugging mode 128.
-Dieter
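To see what the two hdb ACLs quoted above actually grant before reaching for slapd's ACL debug output, here is an added example (not code from either poster) that models slapd's first-match evaluation for the subset of slapd.access syntax used in those rules; the uid=bob and uid=alice DNs are assumed test identities.

```python
import re

# Access levels in the order slapd ranks them; a grant at one level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The two olcAccess values from olcDatabase={2}hdb in the post (copied as written there).
HDB_ACLS = [
    "{0}to attrs=userPassword by self write by anonymous auth "
    "by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none",
    "{1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read",
]

def parse_acl(text):
    """Split one olcAccess value into (what, [(who, level), ...]).
    Only the <what>/<who> forms that appear in the post are understood."""
    text = re.sub(r"^\{\d+\}", "", text.strip())      # drop the {n} ordering prefix
    parts = re.split(r"\s+by\s+", text)
    what = parts[0][len("to "):].strip()
    return what, [tuple(clause.rsplit(None, 1)) for clause in parts[1:]]

def who_matches(who, bind_dn, target_dn):
    """Does this <who> clause apply to a requester bound as bind_dn (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    m = re.match(r'dn(?:\.base)?="?([^"]+)"?$', who)
    if m:
        return bind_dn is not None and bind_dn.lower() == m.group(1).lower()
    raise ValueError(f"unsupported <who> clause: {who}")

def allowed(acls, bind_dn, target_dn, attr, wanted):
    """True if bind_dn may do `wanted` on attr of target_dn under these ACLs.
    slapd stops at the first <what> matching the request and, inside it, at the
    first matching <who>; if nothing matches, the result is 'none'."""
    for text in acls:
        what, clauses = parse_acl(text)
        if what != "*" and attr not in what[len("attrs="):].split(","):
            continue                                   # this rule is not about attr
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False                                   # <what> matched, no <who> did
    return False
```

Running it against an anonymous bind shows userPassword is usable for authentication (auth) but not readable, which is the combination a simple-bind client such as sssd needs.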