On 4 June 08 at 10:49, Hallvard B Furuseth wrote:
> I am having some difficulty setting up the ACLs on my OpenLDAP server
> (2.4.8). No matter what I change, the ACL rules I write into my
> slapd.conf file seem to have no effect at all.
Have you stopped and restarted slapd? Only then do slapd.conf changes
Of course I've restarted slapd.
Which client command are you using, how do you expect it to behave,
and how does it actually behave?
At the moment, I just want the user to be able to
password. When I run this command:
The relevant result is: userPassword=****: read(=rscxd)
I am expecting it to return (=xw). Further, when I check the log
(loglevel 128), it reports "access_allowed: backend default write
access denied to
> As well as another to try to block Anonymous binds:
Hmph, that's misleading. That doesn't block anonymous Bind, it blocks
anonymously bound (or unbound) connections from accessing the
And without a userPassword acl above it, it also blocks users from
Binding:-) See also the 'disallow' directive.
Perhaps I misunderstand the FAQ. Wouldn't this prevent the anonymous
from seeing anything? I'll look into the 'disallow' directive as
well, but right now I'm more interested in making sure my ACLs work at
> But neither seem to have any effect at all. My present
> ACLs are as follows:
No other acls? Do they occur in a database definition or above
the database definitions?
No other ACLs. I double-checked to make sure there wasn't anything
hidden above the database definition.
> access to attrs=userPassword
> by self =xw
> by anonymous auth
> # allow only rootdn to read the monitor
The monitor? Then this one is presumably below 'database monitor' in
> access to *
> by self write
> by anonymous none
> by users read
Yes. These two were in the order found in my slapd.conf file, and
both are below "database monitor"
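
Added example, not written by either poster and not OpenLDAP's own code: slapd applies each `access` directive to the `database` section it appears in, and a database with no ACLs of its own (and no global ones) falls back to default read access. The sketch below is a simplified model of that scoping using the rules quoted above; the `database bdb` line, the function names and the `GOOD` layout are assumptions made for illustration.

```python
# Simplified model of slapd.conf ACL scoping (not slapd's real parser).
RULES = """\
access to attrs=userPassword
    by self =xw
    by anonymous auth
access to *
    by self write
    by anonymous none
    by users read
"""
BAD = "database bdb\ndatabase monitor\n" + RULES        # rules below "database monitor"
GOOD = "database bdb\n" + RULES + "database monitor\n"  # constructed: rules under the data database

def parse(conf):
    """Return {database: [(what, [(who, access), ...]), ...]}."""
    dbs, cur = {None: []}, None            # key None collects global ACLs
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "database":
            cur = tok[1]
            dbs[cur] = []
        elif tok[:2] == ["access", "to"]:
            dbs[cur].append((tok[2], []))
        elif tok[0] == "by":
            dbs[cur][-1][1].append((tok[1], tok[2]))
    return dbs

def access(conf, db, attr, who):
    """who is 'self', 'users' (another authenticated DN) or 'anonymous'."""
    dbs = parse(conf)
    acls = dbs[db] + dbs[None]             # global ACLs follow the database's own
    if not acls:
        return "read"                      # backend default: no ACL applies here
    for what, clauses in acls:             # first matching <what> wins
        if what == "*" or attr in what.removeprefix("attrs=").split(","):
            for by, level in clauses:      # first matching <who> wins
                if by in ("*", who) or (by == "users" and who == "self"):
                    return level
            return "none"                  # implicit trailing "by * none"
    return "none"
```

With the `BAD` layout, `access(BAD, "bdb", "userPassword", "self")` returns `read`, the backend default, while the same call on `GOOD` returns `=xw`.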