From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 09/06/2013 12:29 PM Subject: Re: SyncRepl Chaining
--On Friday, September 06, 2013 12:21 PM -0500 espeake@oreillyauto.com wrote:
add: olcAccess olcAccess: {0}to * by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write break
This should be "by * break" not "break"
You have no ACL granting access to the pseudo-attribute "entry".
I personally have as my last ACL:
olcAccess: {10}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by * read
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Here is the access list from a new slapcat, this is for olcDatabase={1}hdb
olcAccess: {0}to * by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by dn.base ="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by dn.base="uid=p asswordAdmin,ou=System,dc=oreillyauto,dc=com" write by * break olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by group/groupOfUniqueNa mes/uniqueMember="cn=System Administrators,ou=Groups,dc=oreillyauto,dc=com" w rite by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admin,ou=Groups,dc=o reillyauto,dc=com" write olcAccess: {2}to attrs=userPassword by group/groupOfUniqueNames/uniqueMember ="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous read olcAccess: {3}to attrs=uid by anonymous read by users read olcAccess: {4}to attrs=ou,employeeNumber by users read olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by dn.subtree= "ou=Users,dc=oreillyauto,dc=com" none by users read olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com" by dnattr=own er write by dnattr=uniqueMember read by * none olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com" by self read by group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreill yauto,dc=com" read by * none olcAccess: {8}to * by self read by users read olcAccess: {9} to attrs=entry by dn.children="cn=admins" write by * read
and here is the debug.
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: conn=2777 op=0 BIND dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (userPassword) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: auth access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [1] attr userPassword Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "", (=0) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: uid=syncrepl,ou=system,dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: uid=readonlyuser,ou=system,dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: uid=ldapadmin,ou=system,dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: uid=newuseradmin,ou=system,dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: uid=passwordadmin,ou=system,dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: * Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] applying +0 (break) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] mask: =0 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => dn: [2] dc=oreillyauto,dc=com Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] matched Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] attr userPassword Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "", (=0) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: no more <who> clauses, returning =0 (stop) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => slap_access_allowed: auth access denied by =0 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: no more rules Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 slapd[22892]: last message repeated 3 times Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: EQUALITY Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: EQUALITY Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_access_allowed: granted to database root Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (objectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was in cache (objectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (uid) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (description) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdPolicySubentry) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (structuralObjectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "structuralObjectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (entryUUID) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (creatorsName) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6 Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry: "uid=readonlyuser,ou=system,dc=oreillyauto,dc=com" Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (objectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was in cache (objectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (uid) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (description) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdPolicySubentry) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (structuralObjectClass) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "structuralObjectClass" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (entryUUID) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (creatorsName) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (createTimestamp) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdHistory) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was in cache (pwdHistory) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (userPassword) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdChangedTime) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdFailureTime) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was in cache (pwdFailureTime) Sep 6 13:28:29 slapd[22892]: last message repeated 11 times Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (createTimestamp) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (pwdHistory) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was in cache (pwdHistory) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not in cache (userPassword) Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword" requested Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access granted by manage(=mwrscxd)
Thank, Eric -- This message has been scanned for viruses and dangerous content, and is believed to be clean. Message id: E7DF7600DE2.A1C62
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.