--On Tuesday, January 12, 2016 2:55 PM -0500 Katherine Faella kmf@uri.edu wrote:
Hi Kathy,
I was afraid you were going to ask that. We are running the Redhat 6 supported 2.4.40-7.el6_7. We have a policy here of sticking with the redhat supported releases of packages since our staff is so small.
Extremely ill advised for a number of reasons. I'd suggest using the LTB project software instead, since it actually links to secure TLS software. 2.4.40 had some serious bugs as well. You can set up the LTB software via their YUM repository.
http://ltb-project.org/wiki/download#openldap
http://ltb-project.org/wiki/documentation/openldap-rpm#yum_repository
I really need to resolve this for an important project here. Of course the project is behind schedule and I am left with little time to get my stuff working. I was hoping my syntax was just incorrect. The only other way I can imagine fixing this is to revert to slapd.conf ....
I guess the good news is that my steps and syntax look okay to you. If you have any other thoughts I would happily accept them.
Just tested, and can confirm it works correctly for me:
[zimbra@zre-ldap003 ~]$ ldapsearch -x -LLL -H ldapi:/// -D cn=config -w 8utM5cM7v0 -b "olcDatabase={2}mdb,cn=config" -s base olcAccess
dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
 ins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
  write
olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
 mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
 imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
 ns,cn=zimbra" write by * none
olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
 avis,cn=appaccts,cn=zimbra" read by users read by * none
olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
 ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
 .base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {6}to attrs=zimbraAllowFromAddress,DKIMIdentity,DKIMSelector,DKIMDo
 main,DKIMKey by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmp
 ostfix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
 splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
 Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob
 ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="
 uid=zmpostfix,cn=appaccts,cn=zimbra" read by users read by * none
olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
 nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
 imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
 dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
 imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
 eryDisabled,member,memberURL,zimbraMemberOf by dn.children="cn=admins,cn=zim
 bra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base
 ="uid=zmamavis,cn=appaccts,cn=zimbra" read by * none
olcAccess: {9}to dn.subtree="cn=groups,cn=zimbra" attrs=zimbraMailAlias,member
 ,zimbraMailStatus,entry by dn.children="cn=admins,cn=zimbra" write by dn.ba
 se="uid=zmpostfix,cn=appaccts,cn=zimbra" read
olcAccess: {10}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by
  * read
[zimbra@zre-ldap003 ~]$ cat /tmp/access-del.ldif
dn: olcDatabase={2}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
[zimbra@zre-ldap003 ~]$ ldapmodify -x -H ldapi:/// -D cn=config -w 8utM5cM7v0 -f /tmp/access-del.ldif
modifying entry "olcDatabase={2}mdb,cn=config"
[zimbra@zre-ldap003 ~]$
[zimbra@zre-ldap003 ~]$ ldapsearch -x -LLL -H ldapi:/// -D cn=config -w 8utM5cM7v0 -b "olcDatabase={2}mdb,cn=config" -s base olcAccess
dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
  write
olcAccess: {1}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
 mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
 imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
 ns,cn=zimbra" write by * none
olcAccess: {2}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
  by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
 avis,cn=appaccts,cn=zimbra" read by users read by * none
olcAccess: {3}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
 ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {4}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
 .base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {5}to attrs=zimbraAllowFromAddress,DKIMIdentity,DKIMSelector,DKIMDo
 main,DKIMKey by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmp
 ostfix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {6}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
 splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
 Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob
 ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="
 uid=zmpostfix,cn=appaccts,cn=zimbra" read by users read by * none
olcAccess: {7}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
 nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
 imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
 dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
 imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
 eryDisabled,member,memberURL,zimbraMemberOf by dn.children="cn=admins,cn=zim
 bra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base
 ="uid=zmamavis,cn=appaccts,cn=zimbra" read by * none
olcAccess: {8}to dn.subtree="cn=groups,cn=zimbra" attrs=zimbraMailAlias,member
 ,zimbraMailStatus,entry by dn.children="cn=admins,cn=zimbra" write by dn.ba
 se="uid=zmpostfix,cn=appaccts,cn=zimbra" read
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
  read
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
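
An added example, not part of the original message: a Python check that unfolds wrapped ldapsearch output, strips the {n} ordinals, and reports which olcAccess rule a delete-by-index removed, so a change like the one shown above can be confirmed to have dropped only the intended ACL. The sample LDIF is a constructed, shortened version of the two listings, and the function names are hypothetical.

```python
import re

def unfold(ldif_text):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop only the single fold marker
        else:
            lines.append(raw)
    return lines

ORDINAL = re.compile(r"^olcAccess: \{(\d+)\}(.*)$")

def acl_rules(ldif_text):
    """Return olcAccess values in ordinal order with the {n} prefix stripped."""
    found = []
    for line in unfold(ldif_text):
        m = ORDINAL.match(line)
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return [rule for _, rule in sorted(found)]

def removed_rules(before, after):
    """List (old_index, rule) pairs that disappeared; fail if survivors changed order."""
    old, new = acl_rules(before), acl_rules(after)
    if [r for r in old if r in new] != new:
        raise ValueError("surviving rules were changed or reordered")
    return [(i, r) for i, r in enumerate(old) if r not in new]

# Constructed sample: three of the rules from the listings, folded as ldapsearch
# prints them. Note the last rule folds at a different column after renumbering.
BEFORE = '''dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
 ins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
  write
olcAccess: {2}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by
  * read
'''
AFTER = '''dn: olcDatabase={2}mdb,cn=config
olcAccess: {0}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
  write
olcAccess: {1}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
  read
'''

if __name__ == "__main__":
    for index, rule in removed_rules(BEFORE, AFTER):
        print(f"removed {{{index}}}: {rule}")
```

Comparing the unfolded values rather than the raw lines matters because the fold column shifts when the ordinal prefix changes, as it does for the last rule here.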