On 29.11.2011 10:10, Ondrej Kuznik wrote:
On 11/29/2011 09:13 AM, Axel Birndt wrote:
You should expect a response exactly like this (unless your database suffix is set to ""):
ldapsearch -x -D "" -s base -b "" -h localhost
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Most likely you'll need to put something like this as the very first rule there:

olcAccess: {0}to dn.base="" by * read
Ok, thanks for your really quick help. I set the rule from above and got the following result:
ldapsearch -x -h localhost -b "" -s base +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=2axels-company,dc=de
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
entryDN:
subschemaSubentry: cn=Subschema

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Yeah!! This looks much better!
At least, of course. Some of the other ACL statements you listed in olcDatabase={1}hdb,cn=config should also be under olcDatabase={-1}frontend,cn=config to allow access to the schema.
This is the next step, give me some time.
Thanks @All for your mind and time ;-)
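
The following is an added example, not part of the original thread: one way to apply the rule quoted above and then check that an anonymous root DSE read returns namingContexts. It assumes the rule goes on olcDatabase={-1}frontend,cn=config and that cn=config is writable as root over ldapi:/// with SASL EXTERNAL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: the rule is placed on
# the frontend database and cn=config accepts root over ldapi:/// (EXTERNAL).

# Emit the LDIF change record that inserts the rule as ACL {0}, so it is
# evaluated before every other olcAccess value on that database.
rootdse_acl_ldif() {
    cat <<'EOF'
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.base="" by * read
EOF
}

# Read ldapsearch LDIF output on stdin. Succeed only if the root DSE entry
# (the one with an empty dn) is present and carries a namingContexts value.
rootdse_readable() {
    awk '
        /^dn:[ \t]*$/ { in_root = 1; next }   # empty dn: start of root DSE
        /^dn:/        { in_root = 0 }         # any other entry
        /^$/          { in_root = 0 }         # blank line ends the entry
        in_root && /^namingContexts:[ \t]*[^ \t]/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Typical use on the server, as root:
#   rootdse_acl_ldif | ldapmodify -Y EXTERNAL -H ldapi:///
#   ldapsearch -x -h localhost -b "" -s base + | rootdse_readable && echo "root DSE readable"
```

Operational attributes such as namingContexts are only returned when requested with "+", so the check should be fed the output of the second ldapsearch form shown in the thread.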