Dear Marc

Thanks for your update. We are able to fix the issue.

Geo




Thanks & Regards
Geo P.C.
www.geopc.co.cc


On Tue, May 14, 2013 at 9:13 PM, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:
Geo,

Geo P.C. schrieb (14.05.2013 16:05 Uhr):


But with this no user can able to login. But we change olcAccess: {3}to dn.subtree="ou=People,dc=prime,dc=ds,dc=geo,dc=com" by self write by * write , all users can login.

But actually we need is only the user1 need only to login to gitlab application. And the users user2 and user3 need only to login to zabbix application

Can anyone please help me to configure acl for this. Thanks in advance.
First: you should read "man slapd.access" carefully.

Second: a) Try to understand what your application wants to do and
        b) try to reproduce this with standard ldap tools like
                ldapsearch.

Point a) can be done be observing the slapd log for actions taken by your application or read the documentation of your application.
What usually happens, is:
- App bind with binddn (does this work?)
- bind user searches for a given uid under basedn (does this work?)
=> reproduce with ldapsearch -D -w -x -b ...
- If user is found by the search, App will bind as user with found dn.
  (does this work?)
=> reproduce with ldapsearch -D -w -x ...

After you know what really does happen, set the ACLs accordingly.
Test again.


Marc