At Wed, 20 Sep 2017 19:30:17 +0200 Dieter Klünter dieter@dkluenter.de wrote:
On Wed, 20 Sep 2017 12:32:37 -0400 (EDT), Robert Heller heller@deepsoft.com wrote:
OK, I fixed the ACLs (I think), but it is still not working. I turned on verbose debugging for sssd[pam] and moderate debugging for slapd.

Here are my ACLs in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif:

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * none
olcAccess: {1}to * by dn=uid=heller,ou=People,dc=deepsoft,dc=com write by * read

There are also these olcAccess entries:

in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif:

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

and in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif:

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by * none
[...]
You may run slapd in debugging mode 128.
How do I do that using the "new" configuration method in /etc/openldap/slapd.d?
I added:
logLevel: 128
to the end of /etc/openldap/slapd.d/cn=config.ldif
But it does not like it:
Sep 20 13:59:47 c764guest.deepsoft.com slapd[32362]: UNKNOWN attributeDescription "LOGLEVEL" inserted.
The documentation talks about loglevel in slapd.conf, but I am not using slapd.conf...
-Dieter
-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E