I read the man page, but I guess I understood that the first rule only matched everything as a far as "what" to access. I thought it went what, who, permissions
My intent was to enable both of these to work.
Access to all dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage and access to all dn.base=" cn=Manager,dc=local,dc=bob,dc=com" to manage as well
The first one I am using, I guess as intended from the command line, and the second I would use from the command line as well, in a tool, etc.
What would that ruleset look like?
-----Original Message----- From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Ryan Tandy Sent: Tuesday, September 12, 2017 2:39 PM To: Nick Gray nick@graysaustin.com Cc: openldap-technical@openldap.org Subject: Re: I can't seem to find the answer to these olcAccess questions
On Mon, Sep 11, 2017 at 04:18:20PM -0500, Nick Gray wrote:
With this config,.shouldn't this work as well
ldapsearch -x -W -D cn=Manager,dc=local,dc=bob,dc=com -b cn=config olcDatabase=*
The rules on your config database are:
olcAccess: {0} to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage olcAccess: {1} to * by dn="cn=Manager,dc=local,dc=bob,dc=com" manage
The first matches everything (*), so the second is never consulted.
My other question is where is there a reference to exactly what "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" means. I can't seem to find one.
http://www.openldap.org/doc/admin24/sasl.html#IPC%20(ldapi%3A%2F%2F%2F)%20Id entity%20Format