On Fri, Apr 5, 2013 at 1:11 PM, Quanah Gibson-Mount quanah@zimbra.comwrote:
--On Friday, April 05, 2013 12:46 PM -0700 Dark Morford < darkmorford+ldap@gmail.com> wrote:
I'm setting up my first LDAP server; just using it as an auth provider
for Apache until I'm more comfortable with things. I was able to get it up and running with a few user entries, but I can't get anonymous searching to work the way I want.
It's configured (cn=config) style, and the ACLs are: {0}to attrs=uid by anonymous read by users read {1}to attrs=userPassword by anonymous auth by self write {2}to * by users read
access to entry by * read needs to be in there too before {2}.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
Adding the access entry exactly like you have it gave me an error; I managed to figure out that it needed to be 'to attrs=entry by * read'. And now it seems to be working, so thanks for that.
I'm not sure I understand why it's necessary, though. The client service (Apache) just needs to find out if a particular uid exists. Why does it need access to the whole entry?
openldap-technical@openldap.org