On Tue, 2014-04-01 at 09:58 +0200, Jonas Kellens wrote:
On 31-03-14 12:52, Hallvard Breien Furuseth wrote:
(...) Append something like this to access list:
access to * by * search
even if I add at the beginning of slapd.conf the following :
access to * by *
I still get no results with the user 'cn=U101001,ou=101001,dc=mydomain'
Quite. access controls at the beginning of slapd.conf become the global access list, which are overridden by the database's access list. The latter ends with a default 'access to * by * none'.
Also you didn't say what kind of access - read, write, search or whatever. The default is '+0', i.e. no change.
This is all as described in man slapd.access.
*Append* access to * by * search (or something like it) to the database's access list. That means, after the other access statements. Then it'll apply to the entries not described by those statements. My guess is your previous attempt put it in front, thus hiding most access controls.