--On Wednesday, February 23, 2022 8:25 AM +0100 Ulrich Windl
<Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
>>> Yes, if you query the right place. I.e., cn=subschema:
>>>
>>> ldapsearch ... ‑s base ‑b "cn=subschema" +
>>
>> When I try that I get "No such object", and when I try
>
> Then you used a bind identity that doesn't have access to cn=subschema.
> Generally it is advised that cn=subschema should be readable by anyone.
I have this in "dn: olcDatabase={-1}frontend,cn=config":
olcAccess: {0}to dn.exact="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
Shouldn't that do?
Generally yes, but your stated results would indicate otherwise.
--Quanah