Dear all,
I have a setup of **OpenLDAP v2.3** which I am using for last few years. Following are the lines in `slapd.conf` for access control.
access to dn.one="o=abc, c=IN" by * read access to dn.base="o=abc, c=IN" by * none
When I do ldapsearch using anonymous bind gives me result.
For example following command gives result.
ldapsearch -x -h localhost -b "o=abc,c=IN"
Now I upgraded the OS, CentOS from 5.5 to 6.3 so the version of OpenLDAP is **OpenLDAP v2.4**. We have not changed the schema.
But now the same `ldapsearch` gives me `result: 32 No such object` error.
But it works when I added following line in access control configuration.
access to dn.one="o=abc, c=IN" by * read access to dn.base="o=abc, c=IN" by anonymous read by * none
What can be the reason? Is there any security risk in doing so?
man slapd.access(5):
[...]
The search operation, requires search (=s) privileges on the entry pseudo-attribute of the searchBase (NOTE: this was introduced with OpenLDAP 2.4).
[...]
p.
Thank you.
-- Regards, Sachin Divekar