--On Tuesday, September 30, 2014 2:30 PM -0400 Steven Presser
No; That bind DN is used only in simple authentication. I am
them as separate accounts, for the time being. One of my ACLs is:
access to *
by dn.exact="cn=repl,dc=pressers,dc=name" read
by * break
Which I think ought to cover the permissions required pretty well. As you
can see, they have identical permissions.
Also, I just noticed an error introduced by copy-paste in my last email.
In both configs there is a floating "i" on the searchbase line. That
belongs at the end of "GSSAP" on the saslmech line.
Ok, well, without having your full configs available (minus passwords), one
can only make guesses. ;)
I would start with binding as that ID using ldapwhoami, then move on to
ldapsearch, etc, and verify all of that works as expected.
Zimbra :: the leader in open source messaging and collaboration