Correct me if I'm wrong, but you also need to allow userPassword to be authenticated by anonymous:

olcAccess: to attrs=userPassword by anonymous auth


-Michael Proto


On Tue, Jul 16, 2013 at 3:09 PM, Leonardo Bacha Abrantes <leonardo@lbasolutions.com> wrote:
Hi guys,

I configured ACL (below) and am trying to log on the console with a ldap's user I receive the error "ldap_search_s No such object' on /var/log/secure. If I comment acls the user is able to logon.

Here my configuration:


==>> olcDatabase={2}bdb.ldif

olcRootDN: cn=Manager,dc=foo,dc=local
olcRootPW: {MD5}xxxxxxxxxxxxxxxxx
olcAccess: to attrs=userPassword by self write
olcAccess: to attrs=cn,sn,displayName,mail,description by users read
olcaccess: to * by self read

I used slapacl to check the permissions and appeared ok.


What I'm doing worng ? Can you help me please ?