So, in the end, it was literally the "ou" attribute that I needed to
grant read access to.
Just in case anyone else needs to do something similar in the future …
On Tue, 23 Oct 2018 at 23:05, Quanah Gibson-Mount <quanah(a)symas.com> wrote:
--On Tuesday, October 23, 2018 2:21 PM +0100 Philip Colmer
> Yes, I can run slapd in debug mode but this is a production system so
> that means scheduling a maintenance window in several weeks' time. I
> was rather hoping to have a solution in place sooner than that thanks
> to the kind support of this list but, if I don't have it, I'll figure
> it out for myself.
I don't know the answer off the top of my head, but I would imagine you
could set up a test/dev server fairly quickly to figure this out? Should
be pretty straight forward. If you have the cn=config database enabled,
you could change the loglevel to ACL on the fly (just to note).
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: