I just happened to notice that the following search(es) don't return the expected results:

ldapsearch -xs base -b '' +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

# search result
search: 2
result: 0 Success

# numResponses: 1

ldapsearch -xs base -b '' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Below is the debug output from slapd for the first search - what am I doing wrong?
I'm using 2.4.21, courtesy of Ubuntu.
[...]
conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=+
=> test_filter
    PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] attr objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
<= acl_mask: [2] mask: =0
<= acl_get: done.
=> slap_access_allowed: no more rules
=> access_allowed: no more rules
<= test_filter 50

This 50 means insufficient access, as pointed out by the above logs. Your ACLs prevent searching the rootDSE entry.
p.
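
An added example, not part of the thread and not OpenLDAP code: a small Python parser that walks the ACL trace quoted in the question and reports who the client was bound as, which rule and by-clause were evaluated, and what test_filter returned. The function name and the output keys are this example's own choices; the trace lines are the ones posted above.

```python
import re

# LDAP result codes that slapd's test_filter can hand back (RFC 4511 numbering).
RESULT_NAMES = {5: "compareFalse", 6: "compareTrue", 50: "insufficientAccessRights"}

# Trace lines copied from the debug output in the post above.
TRACE = '''\
=> test_filter
    PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] attr objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
<= acl_mask: [2] mask: =0
<= acl_get: done.
=> slap_access_allowed: no more rules
=> access_allowed: no more rules
<= test_filter 50
'''

def explain_acl_trace(trace):
    """Summarise one test_filter/access_allowed evaluation from slapd ACL debug output."""
    info = {"who_patterns": [], "fell_through": False}
    for line in trace.splitlines():
        line = line.strip()
        if m := re.match(r'=> access_allowed: (\w+) access to "(.*?)" "(.*?)" requested', line):
            info["level"], info["entry"], info["attr"] = m.groups()
        elif m := re.match(r'=> acl_mask: to .* by "(.*?)",', line):
            info["bound_as"] = m.group(1) or "anonymous"   # empty DN = anonymous bind
        elif m := re.match(r'=> acl_get: \[(\d+)\]', line):
            info["rule"] = int(m.group(1))                 # index of the matching "access to" rule
        elif m := re.match(r'<= check a_dn_pat: (.+)', line):
            info["who_patterns"].append(m.group(1))        # by-clauses tried, in order
        elif m := re.match(r'<= acl_mask: \[(\d+)\] applying (\S+) \((\w+)\)', line):
            info["by_clause"], info["granted"], info["control"] = int(m[1]), m[2], m[3]
        elif line.endswith("access_allowed: no more rules"):
            info["fell_through"] = True                    # no later rule granted anything
        elif m := re.match(r'<= test_filter (-?\d+)', line):
            code = int(m.group(1))
            info["result"] = RESULT_NAMES.get(code, str(code))
    return info

if __name__ == "__main__":
    for key, value in explain_acl_trace(TRACE).items():
        print(f"{key}: {value!r}")
```

On this trace the summary shows an anonymous client matching the second by-clause (*) of rule 1, which adds no privileges and breaks to the next rule; since no further rule exists, the search on "" ends with code 50.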