On 10/23/18 1:19 PM, Philip Colmer wrote:
On Tue, 23 Oct 2018 at 11:08, Michael Ströder michael@stroeder.com wrote:
Summary: You have to grant search privilege to all attributes used in the filter and read access to pseudo-attribute 'entry' and all other attributes to be returned in search results.
Attribute 'entry' is missing here?
It is, but adding it hasn't fixed the problem, I'm afraid.
For "ou:dn:=external-community" to work, what is the search actually looking at? I tried adding "dn" to the list of attributes to be readable but that then failed to import as a valid configuration.
You would rather have to grant search access to 'entryDN'.
But sorry, I will not debug your ACLs. You can start slapd with debug level for ACL debuggging.
Example:
slapd -h ... -d stats,acl
This will give you many log lines with details which permission is requested for which entry and attribute.
Ciao, Michael.