On Wed, 20 Sep 2017 14:20:54 -0400 (EDT), Robert Heller heller@deepsoft.com wrote:
At Wed, 20 Sep 2017 19:30:17 +0200 Dieter Klünter dieter@dkluenter.de wrote:
On Wed, 20 Sep 2017 12:32:37 -0400 (EDT), Robert Heller heller@deepsoft.com wrote:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd.

Here are my ACLs in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif:

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none
olcAccess: {1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read

There are also these olcAccess entries:

in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

and in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif:

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]
You may run slapd in debugging mode 128.
How do I do that using the "new" configuration method in /etc/openldap/slapd.d?
I added:
logLevel: 128
to the end of /etc/openldap/slapd.d/cn=config.ldif
But it does not like it:
[...]
man slapd(8), $(EXECDIR)/slapd -h ldap:/// -F $(CONFIGDIR)/slapd.d -u $USER -g $GROUP -d 128
-Dieter
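
Added example (not part of the original thread, and not OpenLDAP code): a simplified Python model of how slapd selects a rule from the two olcAccess values quoted above for olcDatabase={2}hdb, which is the decision that debug level 128 traces. It assumes first-match evaluation with the default stop behaviour, treats the `dn=` who clause as an exact DN match, and uses a constructed sample DN (`uid=alice,...`).

```python
# Simplified model of slapd access evaluation: first matching "to" clause,
# then first matching "by" clause. Added illustration, not OpenLDAP code.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "uid=heller,ou=People,dc=deepsoft,dc=com"
USER = "uid=alice,ou=People,dc=deepsoft,dc=com"  # constructed sample DN

# The two olcAccess values from the message: (attrs or None for "to *", by-list).
# Assumption: "by dn=<DN>" is matched as an exact DN.
ACLS = [
    ({"userpassword"},
     [("self", "write"), ("anonymous", "auth"), ("dn=" + ADMIN, "write"), ("*", "none")]),
    (None, [("dn=" + ADMIN, "write"), ("*", "read")]),
]

def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and bound_dn.lower() == who[3:].lower()
    return False

def check(bound_dn, target_dn, attr, wanted):
    """Return (granted, deciding_clause) for a request at access level `wanted`."""
    for idx, (attrs, by_list) in enumerate(ACLS):
        if attrs is not None and attr.lower() not in attrs:
            continue  # this "to" clause does not cover the attribute
        for who, level in by_list:
            if who_matches(who, bound_dn, target_dn):
                # A granted level implies every lower level.
                ok = LEVELS.index(level) >= LEVELS.index(wanted)
                return ok, f"{{{idx}}} by {who} {level}"
        return False, f"{{{idx}}} no who clause matched (implicit by * none)"
    return False, "no olcAccess matched (implicit deny)"

if __name__ == "__main__":
    for bound, attr, wanted in [(None, "userPassword", "auth"),   # simple bind
                                (None, "userPassword", "read"),
                                (None, "uid", "read"),            # anonymous lookup
                                (USER, "userPassword", "write"),  # own password change
                                (ADMIN, "userPassword", "write")]:
        print(bound or "anonymous", attr, wanted, check(bound, USER, attr, wanted))
```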