On Fri, Apr 5, 2013 at 1:11 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
--On Friday, April 05, 2013 12:46 PM -0700 Dark Morford <
darkmorford+ldap@gmail.com> wrote:
I'm setting up my first LDAP server; just using it as an auth provider
for Apache until I'm more comfortable with things. I was able to get it
up and running with a few user entries, but I can't get anonymous
searching to work the way I want.
It's configured (cn=config) style, and the ACLs are:
{0}to attrs=uid by anonymous read by users read
{1}to attrs=userPassword by anonymous auth by self write
{2}to * by users read
access to entry by * read needs to be in there too before {2}.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Adding the access entry exactly like you have it gave me an error; I managed to figure out that it needed to be 'to attrs=entry by * read'. And now it seems to be working, so thanks for that.
I'm not sure I understand why it's necessary, though. The client service (Apache) just needs to find out if a particular uid exists. Why does it need access to the whole entry?