Why not adjust your logLevel to include ACL processing? It's usually very informative.
On Jul 4, 2011, at 1:23 PM, Friedrich Locke wrote:
This is for learning purposes, the password will not be that one on a production system. ypldap access is just before any other more restrictive.
My question still remains: how may I get a listing of the entries directly below (one level only) a given base? Searching with a filter is of interest too, but I am being prevented. Does anybody here know how it could be done given my access rules in the prior email?
Thanks once more.
On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
The ypldap access should be before the one that limits more - the more restrictive one will match first.
If that account is intended as your main 'root'-ish account, it should probably be granted access to all right off the bat.
Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb).
- chris
Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 2001 6th Ave | Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org
To: openldap-technical@openldap.org openldap-technical@openldap.org
Sent: Mon Jul 04 11:19:45 2011
Subject: cannot access entries
Hi list members,
I am trying to configure access to my LDAP server, but I am doing something wrong that I am not aware of. The access list is below:
access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword by self read by anonymous auth by * none
access to dn.one="ou=appsrv,dc=ufv,dc=br" by self read by * none
access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword by self read by anonymous auth by * none
access to dn.one="ou=people,dc=ufv,dc=br" by self read by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read by * none
access to dn.one="ou=group,dc=ufv,dc=br" by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read by * none
=======================================
The command I am executing and its output are below:
    sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one
    # extended LDIF
    #
    # LDAPv3
    # base <ou=people,dc=ufv,dc=br> with scope oneLevel
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # search result
    search: 2
    result: 32 No such object

    # numResponses: 1
    sioux@gustav$
Why am I not getting a list of entries below ou=people,dc=ufv,dc=br?
Thanks in advance.
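An added example, not part of the thread and not OpenLDAP's own code: a simplified Python model of slapd's first-match ACL evaluation, loaded with the five rules from the original post, to show which rule (if any) decides access to the search base itself versus entries one level below it. It assumes DNs without escaped commas and models only the target styles and `by` clauses that appear in the post; the names `evaluate`, `RULES` and the sample entry `uid=alice` are hypothetical.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Assumptions: DNs contain no escaped commas; only the target styles and
# "by" clauses that appear in the posted rules are modelled.

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def parent(dn):
    return dn.split(",", 1)[1] if "," in dn else ""

# (target style, target DN, attrs or None, [(who, level), ...]) as posted.
YPLDAP = "cn=ypldap,ou=appsrv,dc=ufv,dc=br"
PWD = [("self", "read"), ("anonymous", "auth"), ("*", "none")]
RULES = [
    ("one", "ou=appsrv,dc=ufv,dc=br", "userpassword", PWD),
    ("one", "ou=appsrv,dc=ufv,dc=br", None, [("self", "read"), ("*", "none")]),
    ("one", "ou=people,dc=ufv,dc=br", "userpassword", PWD),
    ("one", "ou=people,dc=ufv,dc=br", None,
     [("self", "read"), (YPLDAP, "read"), ("*", "none")]),
    ("one", "ou=group,dc=ufv,dc=br", None, [(YPLDAP, "read"), ("*", "none")]),
]

def target_matches(style, base, dn):
    if style == "one":                      # dn.one: immediate children only
        return parent(dn) == norm(base)
    return dn == norm(base)                 # dn.exact / dn.base: the entry itself

def who_matches(who, bind_dn, dn):
    if who == "*":
        return True
    if who == "self":
        return bind_dn != "" and bind_dn == dn
    if who == "anonymous":
        return bind_dn == ""
    return bind_dn == norm(who)             # a DN given as dn.exact / dn.base

def evaluate(bind_dn, entry_dn, attr="entry"):
    """Return (level, 1-based rule number or None for the implicit default)."""
    bind_dn, dn = norm(bind_dn), norm(entry_dn)
    for number, (style, base, attrs, clauses) in enumerate(RULES, 1):
        if not target_matches(style, base, dn):
            continue
        if attrs is not None and attrs != attr.lower():
            continue                        # attrs= rule does not cover this attribute
        for who, level in clauses:          # first matching "by" clause wins
            if who_matches(who, bind_dn, dn):
                return level, number
        return "none", number               # implicit trailing "by * none"
    return "none", None                     # implicit "access to * by * none"
```

For the bind DN in the post, `evaluate(YPLDAP, "ou=people,dc=ufv,dc=br")` falls through to the implicit default because `dn.one` covers only the children of its target, while slapd also checks search access on the `entry` pseudo-attribute of the search base.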