I figured that out too. I wasn't paying close enough attention to my binds.
On 09/05/2016 03:25 PM, John Lewis wrote:
I am going to remove my second. I understand
now. I was
confused between the the difference between the explicit SASL/EXTERNAL
and the bind I manged to do without the "-Y EXTERNAL" I did.
On 09/01/2016 07:57 PM, John Lewis wrote:
> I am going to second this.
> On 09/01/2016 05:40 AM, Tom Jay wrote:
>> Can I make a request that certain features of the access control
>> documentation are emphasized? I've wasted quite a lot of time on
>> this and some simple rules (which already exist in the
>> documentation) would have been really helpful. These are:
>> 8. Access Control
>> 8.2. Access Control via Static Configuration
>> 8.2.5. Access Control Examples
>> To all attributes except homePhone, an entry can write to
>> itself, entries under example.com
entries can search by them,
>> anybody else has no access (implicit by * none) excepting for
>> authentication/authorization (*which is always done anonymously*).
>> The fact that authentication is always done anonymously,
>> even if anonymous binds are disabled in the configuration,
>> is very important.
>> 8.2.4. Access Control Evaluation
>> Slapd stops with the first <what> selector that matches the
>> entry and/or attribute.
>> This is also very important, as it explains exactly how the
>> access rules are processed.
>> The order of evaluation of access directives makes their
>> placement in the configuration file important.
>> I don't think this is emphasized enough, as it is critical
>> to how the access rules are processed.
>> Also, some mention of the ACL log level would be useful!