On 27-02-14 17:49, Quanah Gibson-Mount wrote:
--On Thursday, February 27, 2014 4:19 PM +0100 Jonas Kellens
<jonas.kellens(a)telenet.be> wrote:
> Hello,
>
> I have a working openLDAP server version 2.3.43. My configuration there
> works: the correct users have the correct access.
>
> I have set up a new openLDAP-server with newer version 2.3.43.
>
> I have no working openLDAP on version 2.3.43.
>
> I have tried with the new syntax and with the command /usr/sbin/slaptest
> -f /etc/openldap/slapd.conf -v to use the built-in conversion tool, but I
> always got: ldap_bind: Invalid credentials (49)
>
> So I forgot this conversion and continued with the "old" slapd.conf
> file.
>
> But in this configuration (which is just a copy/paste of my openLDAP
> 2.3.43) no user can query the LDAP entries.
>
>
> So this is the setup :
>
> I have a user : cn=U101001,ou=101001,dc=mydomain
> This user is member of the group :
> cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain
> These members can read entries in the tree :
> ou=tbook1,ou=contacten,ou=101001,dc=mydomain
>
> I have in slapd.conf :
>
> access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
> by group.exact="cn=admins,ou=101001,dc=mydomain" write
> by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain"
> read
>
> So why does my user cn=U101001,ou=101001,dc=mydomain fail to get
> results?
Likely the 2.3 acl set needs adjusting for 2.4.
I would also note it appears you're using the utterly broken packages
provided by RH. I'd strongly advise you to get sane, safe packages,
such as those provided by Symas or the LTB project.
--Quanah
Hello,
what kind of adjustments are needed then?
access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
by group.exact="cn=admins,ou=101001,dc=mydomain" write
by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain"
read
Which part of the above ACL statement is incorrect?
Kind regards,
Jonas.
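The ACL semantics this thread turns on (dn.one matches only the immediate children of the named entry, and the first matching "access to" clause decides the outcome), shown with an added Python model of slapd's evaluation that is not OpenLDAP code and not part of this thread. It assumes a constructed group table and supports only the dn.base/one/subtree targets and the group.exact and "*" clauses used here.

```python
import re
def norm(dn):
    """Canonicalise a DN for comparison: trim each RDN, lower-case."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def dn_matches(style, target, entry):
    """dn.base: the entry itself; dn.one: direct children only; dn.subtree: any depth."""
    t, e = norm(target), norm(entry)
    if style == "base":
        return e == t
    if style == "one":
        return "," in e and e.split(",", 1)[1] == t
    if style == "subtree":
        return e == t or e.endswith("," + t)
    raise ValueError(f"unsupported dn style: {style}")

def parse_acl(text):
    """Parse 'access to dn.<style>="..." by <who> <level>' blocks."""
    acls = []
    for block in re.split(r"(?m)^\s*access to\s+", text)[1:]:
        style, target = re.match(r'dn\.(\w+)="([^"]+)"', block).groups()
        bys = re.findall(r'by\s+(\*|group\.exact="[^"]+")\s+(\w+)', block)
        acls.append((style, target, bys))
    return acls

def access_level(acls, groups, bind_dn, entry_dn):
    """Level the first matching 'access to' clause grants bind_dn on entry_dn."""
    bind = norm(bind_dn)
    for style, target, bys in acls:
        if not dn_matches(style, target, entry_dn):
            continue                      # clause does not apply, try the next
        for who, level in bys:            # first matching 'by' clause wins
            if who == "*":
                return level
            members = groups.get(norm(who[len('group.exact="'):-1]), ())
            if bind in {norm(m) for m in members}:
                return level
        return "none"                     # target matched but no 'by' did
    return "none"                         # slapd default: nothing matched
# Constructed inputs: the ACL quoted in the thread plus a hypothetical group table.
ACL = '''
access to dn.one="ou=tbook1,ou=contacten,ou=101001,dc=mydomain"
    by group.exact="cn=admins,ou=101001,dc=mydomain" write
    by group.exact="cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain" read
'''
GROUPS = {"cn=tbook1,ou=gebruikers,ou=101001,dc=mydomain": ["cn=U101001,ou=101001,dc=mydomain"]}
USER = "cn=U101001,ou=101001,dc=mydomain"
def check(entry_dn):
    return access_level(parse_acl(ACL), GROUPS, USER, entry_dn)
```

The container ou=tbook1,ou=contacten,... itself and anything nested below its direct children fall outside dn.one, so this clause grants them nothing; slapacl(8) gives the authoritative answer against a real slapd.conf.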