Re: Permissions required to perform OU/DN filtering?
On 10/23/18 1:19 PM, Philip Colmer wrote:
On Tue, 23 Oct 2018 at 11:08, Michael Ströder
<michael(a)stroeder.com> wrote:
> Summary:
> You have to grant search privilege to all attributes used in the filter
> and read access to pseudo-attribute 'entry' and all other attributes to
> be returned in search results.
>
> Attribute 'entry' is missing here?
It is, but adding it hasn't fixed the problem, I'm afraid.
For "ou:dn:=external-community" to work, what is the search actually
looking at? I tried adding "dn" to the list of attributes to be
readable but that then failed to import as a valid configuration.
You would rather have to grant search access to 'entryDN'.
But sorry, I will not debug your ACLs.
You can start slapd with debug level for ACL debuggging.
Example:
slapd -h ... -d stats,acl
This will give you many log lines with details which permission is
requested for which entry and attribute.
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 3.7 KB)