Re: Antw: [EXT] Problem with ppolicy overlay and userPassword attribute
>> Quanah Gibson-Mount <quanah(a)fast-mail.org> schrieb am
22.02.2022 um 17:49
in
Nachricht <6D8946CEFE1406A76522A36F(a)[192.168.1.12]>:
--On Tuesday, February 22, 2022 12:44 PM +0100 Ulrich Windl
<Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
>>>> Quanah Gibson-Mount <quanah(a)fast-mail.org> schrieb am 18.02.2022
um
>>>> 22:37
> in
> Nachricht <8A1ED4C1E941394D45838C24(a)[192.168.1.12]>:
>
>>
>> ‑‑On Friday, February 18, 2022 9:03 AM +0100 Ulrich Windl
>> <Ulrich.Windl(a)rz.xn--uniregensburg-dm6g.de> wrote:
>>
>>> But I should be able to query it, right? If so what is the correct
>>> filter expression?
>>
>>
>> Yes, if you query the right place. I.e., cn=subschema:
>>
>> ldapsearch ... ‑s base ‑b "cn=subschema" +
>
> When I try that I get "No such object", and when I try
Then you used a bind identity that doesn't have access to cn=subschema.
Generally it is advised that cn=subschema should be readable by anyone.
I have this in "dn: olcDatabase={-1}frontend,cn=config":
olcAccess: {0}to dn.exact="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
Shouldn't that do?
--Quanah