--On Monday, November 11, 2019 11:35 PM +0100 Marc Roos M.Roos@f1-outsourcing.eu wrote:
I have problems authenticating against this acl[0] with nslcd, if I use[1] authentication is fine. I have the impression the dn.exact is not able to access the password attribute, because getent shows the other attributes. How should I rewrite this so the dn.exact is able to read the password attributes from dn.subtree?
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self read by ssf=256 anonymous auth by * none continue
The main issue I see is that "continue" doesn't work the way you seem to think it does. "continue", as noted in the man page:
"the continue form allows for other <who> clauses in the same <access> clause to be considered"
You have no additional clauses after the continue in *that* access clause, so it has no effect.
I.e., for continue to work it would be something like:
access to whatever by something +r continue by something .....
Then the second "by something" would be processed.
To consider *multiple* access lines, you need to use the "break" keyword.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com