On Sat, 3 Sep 2016 15:09:39 +0200, A M amm.priv2@gmail.com wrote:
Hello,
I just need to allow a simple "bind" user to be able to perform the authenticated searches in the tree, while allowing all other users to consult their data without being able to modify them. So I have set the following primitive access rules:
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=example,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn.base="cn=Manager,dc=example,dc=com" write by dn="uid=binduser,ou=Users,dc=example,dc=com" read
With these settings, I can in fact perform authenticated searches as dn="uid=binduser,ou=Users,dc=example,dc=com" with filter uid=username. But the weird thing is that all other non-privileged users cannot see their own data, although I have added "to * by self read".
What am I missing? Thanks ahead for any comment!
Run slapd in debug mode with debuglevel 128 and check ACL processing.
-Dieter
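Before reading the ACL debug trace it helps to know what the two posted rules should grant. The following is an added example, not code from the thread or from OpenLDAP: a small Python model of slapd's ordered olcAccess evaluation (first matching "to" clause, first matching "by" clause, implicit "by * none"), which is an assumption simplified from the documented semantics; the regular-user DN is constructed.

```python
# Added example, not from the thread: a simplified model of slapd's olcAccess
# evaluation (assumption): the first "to" clause covering the target is chosen,
# its "by" clauses are tried in order, the first match fixes the level, and an
# unmatched rule falls through to an implicit "by * none".
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=example,dc=com"
BINDUSER = "uid=binduser,ou=Users,dc=example,dc=com"

# The two rules from the post: (attributes covered, None for "to *", by-clauses).
ACLS = [
    ({"userPassword"}, [("self", "write"), ("dn.base=" + MANAGER, "write"),
                        ("anonymous", "auth"), ("*", "none")]),
    (None, [("self", "read"), ("dn.base=" + MANAGER, "write"),
            ("dn=" + BINDUSER, "read")]),
]

def level_allows(granted, requested):
    """A granted level implies every lower one (write implies read, etc.)."""
    return LEVELS.index(granted) >= LEVELS.index(requested)

def who_matches(who, bind_dn, target_dn):
    """Does a 'by <who>' clause match this bind DN (None means anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == target_dn
    if who.startswith(("dn.base=", "dn=")):  # exact DN comparison
        return bind_dn == who.split("=", 1)[1]
    raise ValueError("unsupported by-clause: " + who)

def access_allowed(bind_dn, target_dn, attr, requested):
    """Walk the ordered ACL list; True if 'requested' access is granted."""
    for attrs, by_clauses in ACLS:
        if attrs is not None and attr not in attrs:
            continue  # this rule does not cover the attribute
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return level_allows(level, requested)  # first match wins, stop
        return False  # no by-clause matched: implicit trailing "by * none"
    return False  # no rule covered the target

if __name__ == "__main__":
    alice = "uid=alice,ou=Users,dc=example,dc=com"  # constructed regular user
    print("alice reads own cn:", access_allowed(alice, alice, "cn", "read"))
    print("binduser reads alice cn:", access_allowed(BINDUSER, alice, "cn", "read"))
    print("binduser reads password:", access_allowed(BINDUSER, alice, "userPassword", "read"))
    print("anonymous auth on password:", access_allowed(None, alice, "userPassword", "auth"))
```

Under this model the rules do grant a user read access to their own entry, so a failure seen in practice is exactly what the -d 128 trace has to explain (for example a bind that did not actually succeed as that DN).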