Hi,
I hope I am on the right list for questions like this. I manage an OpenLDAP server installation on Ubuntu 8.10, and when I upgraded from 8.04 the configuration changed quite a bit.
I am trying to turn off anonymous access, but I get problems connecting to the ldap database even when not using anonymous bind.
I managed to find the configuration options I was looking for (at least I think so) with phpldapadmin. I found an object with dn olcDatabase={1}bdb,cn=config, in which I found an attribute called olcAccess, which I think is what I need to change. From the beginning it said:

    {0}to attrs=userPassword,shadowLastChange by dn.base="cn=manager,dc=mydomain,dc=com" write by anonymous auth by self write by * none
    {1}to dn.base="" by * read
    {2}to * by dn.base="cn=manager,dc=mydomain,dc=com" write by * read
(of course with my dc values).
I tried to change the last entry to by * none, as I do not right now need my users to be able to read their own or other users' values. It worked as expected from an LDAP point of view: I could still log in anonymously but could not browse the database, whereas logged in as manager it worked as it should.
The problem came in postfix, because I use my LDAP database (among other things) as an alias table. So I configured postfix not to bind anonymously, but to use:

    server_host = localhost
    server_port = 389
    search_base = dc=mydomain, dc=com
    bind = yes
    bind_dn = cn=manager, dc=mydomain, dc=com
    bind_pw = mysecret
    result_attribute = mail
    query_filter = (|(uid=%s)(mailAlias=%s))

But I got "dict_ldap_lookup: Search error 50: Insufficient access" in the mail.log.
When I changed back, it worked again. I have tried to change various things (such as putting in by anonymous auth before by * read, and changing dc.base="..." to dc="..." both in the first and in the last attribute value above), but it does not seem to change anything. What am I doing wrong? Any help would be much appreciated.
Best regards, Andreas
openldap-technical@openldap.org
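The following is an added example, not code from the post above or from OpenLDAP itself. It is a toy model of the subset of slapd.access(5) semantics the post uses (first matching "to" clause is chosen, then the first matching "by" clause inside it decides, and a higher access level implies the lower ones) and evaluates the quoted olcAccess values for the identities in the post. The DNs are the post's placeholders; the user entry "uid=andreas,ou=people,dc=mydomain,dc=com" is assumed for illustration. The real tool for this check on a running server is slapacl(8); the model only makes the rule evaluation visible offline. Note that the rootdn bypasses ACLs entirely, so if cn=manager is also olcRootDN these rules are never consulted for it.

```python
"""Toy evaluator for olcAccess rules of the form used in the post.

Added example (not from the post or OpenLDAP). Supports:
  <what>: *, attrs=a,b,...   dn.base="..."
  <who> : *, anonymous, users, self, dn.base="..."
"""
import re

# Access levels in slapd.access(5) order; a higher level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed copies of the olcAccess values quoted in the post, using its
# placeholder DNs: the original rule set and the one with {2} ending in "by * none".
MANAGER = 'cn=manager,dc=mydomain,dc=com'
ORIGINAL = [
    '{0}to attrs=userPassword,shadowLastChange by dn.base="%s" write '
    'by anonymous auth by self write by * none' % MANAGER,
    '{1}to dn.base="" by * read',
    '{2}to * by dn.base="%s" write by * read' % MANAGER,
]
LOCKED_DOWN = ORIGINAL[:2] + ['{2}to * by dn.base="%s" write by * none' % MANAGER]


def normalize_dn(dn):
    """slapd compares DNs in normalized form; here that is case-folding and
    dropping whitespace around commas, so the postfix bind_dn written as
    'cn=manager, dc=mydomain, dc=com' matches the DN in the ACL."""
    return ",".join(p.strip() for p in dn.split(",")).lower() if dn else ""


def parse_rule(rule):
    """Split one olcAccess value into its <what> and an ordered list of (who, level)."""
    body = re.sub(r"^\{\d+\}", "", rule).strip()
    m = re.match(r"to\s+(\S+)\s+(.*)$", body)
    if not m:
        raise ValueError("unsupported rule: %r" % rule)
    what, by_part = m.groups()
    who_levels = []
    for clause in re.split(r"(?:^|\s+)by\s+", by_part):
        if not clause:
            continue
        who, level = clause.rsplit(None, 1)
        if level not in LEVELS:
            raise ValueError("unknown level %r in %r" % (level, rule))
        who_levels.append((who, level))
    return what, who_levels


def what_matches(what, entry_dn, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in [a.lower() for a in what[len("attrs="):].split(",")]
    if what.startswith("dn.base="):
        return normalize_dn(entry_dn) == normalize_dn(what[len("dn.base="):].strip('"'))
    raise ValueError("unsupported <what>: %r" % what)


def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "users":
        return bind_dn != ""
    if who == "self":
        return bind_dn != "" and normalize_dn(bind_dn) == normalize_dn(entry_dn)
    if who.startswith("dn.base="):
        return normalize_dn(bind_dn) == normalize_dn(who[len("dn.base="):].strip('"'))
    raise ValueError("unsupported <who>: %r" % who)


def access_level(rules, bind_dn, entry_dn, attr):
    """First matching <what> wins; within it the first matching <who> decides.
    No match at all yields 'none'. bind_dn == "" means an anonymous bind."""
    for rule in rules:
        what, who_levels = parse_rule(rule)
        if not what_matches(what, entry_dn, attr):
            continue
        for who, level in who_levels:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"
    return "none"


def allowed(rules, bind_dn, entry_dn, attr, needed):
    return LEVELS.index(access_level(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(needed)


def postfix_lookup_ok(rules, bind_dn, entry_dn):
    """The postfix table in the post filters on uid/mailAlias (each needs
    'search' access) and returns mail (needs 'read' access)."""
    return (allowed(rules, bind_dn, entry_dn, "uid", "search")
            and allowed(rules, bind_dn, entry_dn, "mailAlias", "search")
            and allowed(rules, bind_dn, entry_dn, "mail", "read"))


if __name__ == "__main__":
    user = "uid=andreas,ou=people,dc=mydomain,dc=com"   # assumed entry
    for name, rules in (("original", ORIGINAL), ("locked down", LOCKED_DOWN)):
        for bind in ("", "cn=manager, dc=mydomain, dc=com", user):
            print("%-11s bind=%-34r mail=%-5s postfix ok=%s" % (
                name, bind, access_level(rules, bind, user, "mail"),
                postfix_lookup_ok(rules, bind, user)))
```

Under the model, the change to "by * none" removes anonymous read on the users' entries as intended, while the manager DN (with or without the spaces postfix writes) still ends in the "by dn.base=... write" clause and so keeps read and search on every attribute the postfix query touches. That is the useful check before editing the ACL further: the quoted rules themselves grant the lookup to the manager identity, so whatever denies it is not the wording of the last rule.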