On 15.12.22 at 16:38, Ondřej Kuzník wrote:
> Should be authzTo if you're adding it to the lloadd's identity. Are you sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to dc=example,dc=net and the uid attribute on the subtree?
Thank you for the push in the right direction. I added an ACL:

olcAccess: {0}to attr=uid by dn.exact=uid=lloadd,ou=users,dc=example,dc=net auth by * break

But I forgot that uid=lloadd could not enter any of my OUs. My security paranoia leads me to disallow everything for everybody in the first place, so I have to open the path to my users :-) Now I got:
--------------------------
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 PROXYAUTHZ dn="uid=repl-user,ou=users,dc=example,dc=net"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.005746 nentries=56 text=
--------------------------
Thanks a lot for your patience and all your help.
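
Added example, not part of the original message or of the OpenLDAP project: a small audit script that joins the PROXYAUTHZ, SRCH and SEARCH RESULT lines of the log format quoted above by conn/op, so you can review which identities the lloadd service account is assuming and how much each proxied search returned. The conn=1005 and conn=1006 lines, the function names and the allow-list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. conn=1004 repeats the lines quoted in the message;
# conn=1005 (no proxy authz) and conn=1006 (unexpected identity) are made up.
SAMPLE_LOG = """\
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 PROXYAUTHZ dn="uid=repl-user,ou=users,dc=example,dc=net"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.005746 nentries=56 text=
Dez 15 17:36:02 ldap02 slapd[321]: conn=1005 op=1 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(uid=alice)"
Dez 15 17:36:02 ldap02 slapd[321]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000011 etime=0.000420 nentries=1 text=
Dez 15 17:37:40 ldap02 slapd[321]: conn=1006 op=1 PROXYAUTHZ dn="uid=admin,ou=users,dc=example,dc=net"
Dez 15 17:37:40 ldap02 slapd[321]: conn=1006 op=1 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:37:40 ldap02 slapd[321]: conn=1006 op=1 SEARCH RESULT tag=101 err=32 qtime=0.000015 etime=0.000310 nentries=0 text=
"""

LINE = re.compile(r'conn=(\d+) op=(\d+) (PROXYAUTHZ|SRCH|SEARCH RESULT)\b(.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key="quoted value" or key=bare

def proxied_operations(log_text):
    """Return {(conn, op): record} for every operation that carried PROXYAUTHZ."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        fields = {k: quoted or bare for k, quoted, bare in KV.findall(rest)}
        rec = ops[(int(conn), int(op))]
        if kind == "PROXYAUTHZ":
            rec["authzid"] = fields.get("dn", "")
        elif kind == "SRCH":
            rec.update(base=fields.get("base"), filter=fields.get("filter"))
        else:  # SEARCH RESULT
            rec.update(err=int(fields.get("err", -1)), nentries=int(fields.get("nentries", 0)))
    return {key: rec for key, rec in ops.items() if "authzid" in rec}

def unexpected_identities(ops, allowed):
    """Assumed identities outside the allow-list (simple case-insensitive DN match)."""
    allowed = {dn.lower() for dn in allowed}
    return sorted({r["authzid"] for r in ops.values() if r["authzid"].lower() not in allowed})

if __name__ == "__main__":
    for key, rec in sorted(proxied_operations(SAMPLE_LOG).items()):
        print(key, rec)
```
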