In openldap 2.4, how to identify users or service accounts that have write access. Can we do ldapsearch and find out?
On 5/7/2024 2:09 PM, kalybox2020@gmail.com wrote:
> In openldap 2.4, how to identify users or service accounts that have write access. Can we do ldapsearch and find out?
Hi Kalybox2020,
I would recommend reading the documentation like the Admin guide and the on-line manuals. There's more than one way to answer your question.
You start to answer this with an ldapsearch on the cn=config backend, filtering on "olcaccess=*" and returning the olcaccess attribute values.
--On Tuesday, May 7, 2024 3:38 PM -0700 Christopher Paul <chris.paul@rexconsulting.net> wrote:
> You start to answer this with an ldapsearch on the cn=config backend, filtering on "olcaccess=*" and returning the olcaccess attribute values.
That's assuming they have something that can read olcAccess from cn=config. They could also be using slapd.conf, which may not have cn=config exposed. Better to follow your instructions about the documentation so they can learn how to read their configuration for slapd.
--Quanah
--On Tuesday, May 7, 2024 10:09 PM +0000 kalybox2020@gmail.com wrote:
> In openldap 2.4, how to identify users or service accounts that have write access. Can we do ldapsearch and find out?
Write access is controlled via the ACL statements of your slapd configuration.
I would also note that OpenLDAP 2.4 has been deprecated for several years and is no longer supported.
Regards, Quanah
openldap-technical@openldap.org
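
The olcAccess approach discussed in this thread, as an added example that is not part of any poster's message: a parser that takes the LDIF returned by an ldapsearch on cn=config and lists every "by" clause that grants write-level access. It assumes cn=config is readable (the caveat raised above); the sample LDIF, the DNs and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample of `ldapsearch -LLL -b cn=config "(olcAccess=*)" olcAccess`
# output (folded lines and a base64 value included); all DNs are made up.
SAMPLE_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com" by group.exact="cn=
 ldap admins,ou=groups,dc=example,dc=com" manage by dn.exact="uid=sync,ou=svc
 ,dc=example,dc=com" =rscx by users read
olcAccess:: """ + base64.b64encode(
    b'{2}to * by dn.exact="uid=app,ou=svc,dc=example,dc=com" write by * read'
).decode() + "\n"

TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')  # keeps quoted DNs in one token
# Access field per slapd.access(5): [[real]self]{<level>|<priv>}
ACCESS = re.compile(r"^(?:self|realself)?(?:none|disclose|auth|compare|search"
                    r"|read|write|add|delete|manage|[=+-][mwazrscxd0]+)$")
# Write-granting subset: write/add/delete/manage, or =/+ privileges with m, w, a, z
WRITE = re.compile(r"^(?:self|realself)?(?:write|add|delete|manage"
                   r"|[=+]\w*[mwaz]\w*)$")

def olc_access_values(ldif):
    """Yield (entry DN, olcAccess value), unfolding lines and decoding base64."""
    dn = None
    for line in ldif.replace("\n ", "").splitlines():
        name, sep, value = line.partition(":")
        if sep and value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "olcaccess":
            yield dn, value.strip()

def writers(ldif):
    """Return (entry DN, what, who, access) for every clause that grants write."""
    found = []
    for dn, value in olc_access_values(ldif):
        tokens = TOKEN.findall(re.sub(r"^\{\d+\}", "", value))
        by = [i for i, t in enumerate(tokens) if t == "by"] + [len(tokens)]
        what = " ".join(tokens[1:by[0]])
        for start, end in zip(by, by[1:]):
            clause = tokens[start + 1:end]
            idx = next((i for i, t in enumerate(clause) if ACCESS.match(t)), None)
            if idx is not None and WRITE.match(clause[idx]):
                found.append((dn, what, " ".join(clause[:idx]), clause[idx]))
    return found

if __name__ == "__main__":
    print(*writers(SAMPLE_LDIF), sep="\n")
```

The result names ACL "who" clauses, not resolved accounts: a group.exact entry still has to be expanded with a search for its members, and each database's rootdn is not subject to ACLs at all.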