-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/29/2011 09:13 AM, Axel Birndt wrote:
ldapsearch -x -D "" -s base -b "" -h localhost
You should expect a response exactly like this (unless your database suffix is set to ""):
ldapsearch -x -D "" -s base -b "" -h localhost # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: ALL #
# dn: objectClass: top objectClass: OpenLDAProotDSE
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
According to your output, there is definitely some ACL issue at play. Just like Quanah advised, look under olcDatabase={-1}frontend,cn=config to see your global ACLs. Most likely you'll need to put something like this as the very first rule there: olcAccess: {0}to dn.base="" by * read
At least, of course. Some of the other ACL statements you listed in olcDatabase={1}hdb,cn=config should also be under olcDatabase={-1}frontend,cn=config to allow access to the schema.
- -- Ondrej Kuznik
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.