If you don't put "by anonymous auth" in there, the not-yet-authenticated user has no permission to authenticate against the LDAP service. Each ACL ends with an implicit "by * none".
On 01.08.24 at 11:19, pficheux@integra.fr wrote:
Hello,
I'm trying to put ACL for a group, to allow write actions.
I followed this and it's working: https://www.openldap.org/faq/data/cache/52.html
Here is what I put in my ldif file:
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to dn.subtree="dc=test,dc=example,dc=com" by group.exact="cn=writer,dc=test,dc=example,dc=com" write by anonymous auth
But I have two questions: Why do I have to put "by anonymous auth"? Without that I get an error 49, invalid credentials. I have not put "by self write", and it's working like that. Is it important?
Regards, Gab
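To make the two points above concrete (the implicit "by * none" at the end of every clause, and why the simple bind needs "by anonymous auth"), here is an added example LDIF, not the LDIF from either message in this thread. It assumes the same database (olcDatabase={1}mdb), the same suffix (dc=test,dc=example,dc=com) and the same group (cn=writer,dc=test,dc=example,dc=com) as the post; the "replace: olcAccess" form assumes you want these two clauses to become the whole olcAccess list for that database. It splits the single clause of the post into one clause for userPassword and one for everything else, because a simple bind is checked as "auth" access to the userPassword attribute of the entry being bound, so that is the only place anonymous needs "auth".

```ldif
# Added example, not code from the original thread. Assumed names:
# database {1}mdb, suffix dc=test,dc=example,dc=com, group cn=writer.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: the password attribute. Anonymous may only use it to bind ("auth"),
# the entry's own DN may change it ("self write"); nobody can read it
# because "by * none" ends the clause (it would be implicit anyway).
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# {1}: the rest of the tree. The first "to" clause that matches an entry
# and attribute is the only one consulted, so anyone not listed here,
# including a user who has just bound, ends in the implicit "by * none".
# "by self write" lets a bound user edit its own entry; "by users read"
# lets any authenticated user read the subtree.
olcAccess: {1}to dn.subtree="dc=test,dc=example,dc=com"
  by group.exact="cn=writer,dc=test,dc=example,dc=com" write
  by self write
  by users read
  by * none
```

Two things worth checking after loading this with ldapmodify against cn=config. First, with the post's single clause the bind itself works once "by anonymous auth" is present, but a bound user who is not in cn=writer matches neither "by" clause and so gets the implicit "by * none" on the whole subtree, i.e. no read access at all; the "by users read" line above is what changes that. Second, without "by self write" a user cannot change its own userPassword (or any other attribute of its own entry), which is the practical answer to whether it matters. A quick check for the bind itself is ldapwhoami -x -H ldap://host -D "uid=someone,dc=test,dc=example,dc=com" -W: it returns the bound DN when the "auth" grant on userPassword is in place and "Invalid credentials (49)" when it is not, even with the correct password, because slapd cannot compare against an attribute the anonymous requester is not allowed to use for authentication.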