On 01-04-14 12:20, Dieter Klünter wrote:
Am Tue, 01 Apr 2014 11:04:15 +0200
schrieb Jonas Kellens <jonas.kellens@telenet.be>:

On 01-04-14 10:53, Terje Trane wrote:
On 01.04.2014 09:58, Jonas Kellens wrote:
even if I add at the beginning of slapd.conf the following :

access to * by *

I still get no results with the user
'cn=U101001,ou=101001,dc=mydomain'

I only get result with 'cn=Manager,dc=mydomain'

Remember that ACLs are "first match used".

If a database does not have an ACL the global ACL applies.

But if it has a database specific ACL, that one is read first when
accessing that particular database, and the global is then *only* used
if there is no match (or a control keyword like break or continue
is specified).

I posted it before, but will post it again. This is the database
specific ACL :

database        bdb
suffix          "dc=mydomain"
rootdn          "cn=Manager,dc=mydomain"
rootpw         {SSHA}blCAG/CNdFPY597Cf4Ssuj

run slapd in debugging mode and debug level acl

-Dieter


Hello Dieter,

debug level is 256.

/var/log/slapd.log :

Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 fd=13 ACCEPT from IP=127.0.0.1:35278 (IP=0.0.0.0:389)
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 BIND dn="cn=U101001,ou=101001,dc=mydomain" method=128
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 BIND dn="cn=U101001,ou=101001,dc=mydomain" mech=SIMPLE ssf=0
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 RESULT tag=97 err=0 text=
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=1 SRCH base="ou=tbook1,ou=contacten,ou=101001,dc=mydomain" scope=2 deref=0 filter="(objectClass=*)"
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=2 UNBIND
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 fd=13 closed



Kind regards,
Jonas.
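
An added example, not part of the thread and not OpenLDAP code: the log above shows a bind that succeeds followed by a search that returns err=0 with nentries=0, which is consistent with access control hiding the entries, although a genuinely empty subtree looks the same. The Python script below correlates those lines per connection so that every empty search is reported with the identity that ran it; the conn=1040 lines and the function name `empty_searches` are constructed for illustration.

```python
import re

# Lines for conn=1039 are copied from the log above; conn=1040 is constructed
# for contrast (a rootdn search on the same base that does return entries).
SAMPLE_LOG = '''\
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 BIND dn="cn=U101001,ou=101001,dc=mydomain" method=128
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 BIND dn="cn=U101001,ou=101001,dc=mydomain" mech=SIMPLE ssf=0
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=0 RESULT tag=97 err=0 text=
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=1 SRCH base="ou=tbook1,ou=contacten,ou=101001,dc=mydomain" scope=2 deref=0 filter="(objectClass=*)"
Apr  1 14:21:32 slap01 slapd[17106]: conn=1039 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr  1 14:21:40 slap01 slapd[17106]: conn=1040 op=0 BIND dn="cn=Manager,dc=mydomain" mech=SIMPLE ssf=0
Apr  1 14:21:40 slap01 slapd[17106]: conn=1040 op=1 SRCH base="ou=tbook1,ou=contacten,ou=101001,dc=mydomain" scope=2 deref=0 filter="(objectClass=*)"
Apr  1 14:21:40 slap01 slapd[17106]: conn=1040 op=1 SEARCH RESULT tag=101 err=0 nentries=5 text=
'''

OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT) (.*)')
BIND_OK = re.compile(r'dn="([^"]*)" mech=')
SRCH = re.compile(r'base="([^"]*)" scope=(\d+) .*filter="(.*)"')
RESULT = re.compile(r'err=(\d+) nentries=(\d+)')

def empty_searches(log_text):
    """Return (conn, bind_dn, base, filter) for every search that ended with
    err=0 nentries=0, i.e. succeeded but returned nothing to that identity."""
    bound = {}      # conn -> DN taken from the BIND line that carries mech=
    pending = {}    # (conn, op) -> (base, filter) of a search awaiting its result
    findings = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        if kind == 'BIND':
            b = BIND_OK.search(rest)
            if b:
                bound[conn] = b[1]
        elif kind == 'SRCH':
            s = SRCH.search(rest)
            if s:
                pending[(conn, op)] = (s[1], s[3])
        else:  # SEARCH RESULT
            r = RESULT.search(rest)
            base, flt = pending.pop((conn, op), ('?', '?'))
            if r and r[1] == '0' and r[2] == '0':
                findings.append((conn, bound.get(conn, '<anonymous>'), base, flt))
    return findings

if __name__ == '__main__':
    for conn, dn, base, flt in empty_searches(SAMPLE_LOG):
        print(f'conn={conn} dn="{dn}" base="{base}" filter={flt}: 0 entries')
```

Level 256 is slapd's stats level, which records operations and results; the ACL evaluation itself is logged at level 128 (acl).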