On Fri, Sep 22, 2017 at 10:45 AM, Robert Heller heller@deepsoft.com wrote:
At Fri, 22 Sep 2017 10:47:29 +0200 Dieter =?UTF-8?B?S2zDvG50ZXI=?= < dieter@dkluenter.de> wrote:
Am Thu, 21 Sep 2017 10:01:48 -0400 (EDT) schrieb Robert Heller heller@deepsoft.com: [...]
Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: <=3D acl_mask:
[1]
mask: write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> slap_access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: =3D> access_allowed: search access granted by write(=3Dwrscxd) Sep 21 09:50:01 c764guest.deepsoft.com slapd[17535]: conn=3D1000 op=3D11
SEARCH
RESULT tag=3D101 err=3D0 nentries=3D0 text=3D
[...]
You should find out why operation 11 results in 0 entries.
Operation 11 *seems* to be fetching the uid, using self, which has write access, which implies read access, which seems to work just fine, using ldapsearch from the command line:
[heller@c764guest ~]$ ldapsearch -D uid=test2user,ou=People,dc=deepsoft,dc=com -W -LLL '(uid=test2user)' uid Enter LDAP Password: dn: uid=test2user,ou=People,dc=deepsoft,dc=com uid: test2user
I haven't checked your logs, so apologies if the answers to my points are in there.
Is your search above the same search done by the tool? Consider: - base: where does the search start? dc=deepsoft,dc=com? ou=People? - type of search: base, one, sub - search filter: is (uid=test2user) the only filter? Usually there are objectClass filters together with that