I'm setting up my first LDAP server; just using it as an auth provider for Apache until I'm more comfortable with things. I was able to get it up and running with a few user entries, but I can't get anonymous searching to work the way I want.
It's configured (cn=config) style, and the ACLs are:

    {0}to attrs=uid by anonymous read by users read
    {1}to attrs=userPassword by anonymous auth by self write
    {2}to * by users read
Searching for a user as the rootDN works fine:
    shawn@aquamarine:~$ ldapsearch -x -D 'cn=Manager,dc=darkmorford,dc=net' -W -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=darkmorford,dc=net> with scope subtree
    # filter: (uid=smorford)
    # requesting: uid
    #

    # smorford, Users, darkmorford.net
    dn: uid=smorford,ou=Users,dc=darkmorford,dc=net
    uid: smorford

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
But doing the same search anonymously can't find the user:
    shawn@aquamarine:~$ ldapsearch -x -b 'dc=darkmorford,dc=net' '(uid=smorford)' uid
    # extended LDIF
    #
    # LDAPv3
    # base <dc=darkmorford,dc=net> with scope subtree
    # filter: (uid=smorford)
    # requesting: uid
    #

    # search result
    search: 2
    result: 32 No such object

    # numResponses: 1
I have to assume that something in the ACL is blocking the anonymous search. How do I fix this?
--On Friday, April 05, 2013 12:46 PM -0700 Dark Morford <darkmorford+ldap@gmail.com> wrote:

> I'm setting up my first LDAP server; just using it as an auth provider for Apache until I'm more comfortable with things. I was able to get it up and running with a few user entries, but I can't get anonymous searching to work the way I want.
>
> It's configured (cn=config) style, and the ACLs are:
>
>     {0}to attrs=uid by anonymous read by users read
>     {1}to attrs=userPassword by anonymous auth by self write
>     {2}to * by users read
access to entry by * read needs to be in there too before {2}.
--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
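The reason the anonymous search fails with result 32 is that the three rules in the question grant access to attributes only. A search has to be able to see the entries themselves, which slapd models as the "entry" pseudo-attribute; with no rule for it, anonymous gets the implicit "none", so the base entry is invisible and slapd reports "No such object" rather than an empty result. The "(uid=smorford)" filter is already fine, because "read" on uid implies "search". The following LDIF applies Quanah's advice as a cn=config modification; it is an added example, not something posted in the thread. It assumes the database is olcDatabase={1}mdb,cn=config (find the right one with "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=dc=darkmorford,dc=net)' dn") and that the server accepts SASL EXTERNAL over ldapi:/// for config changes.

```ldif
# Added example: replace the whole olcAccess list so the numbering stays explicit.
# Database DN is an assumption; substitute the one returned by the olcSuffix search.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0} unchanged: anonymous may read (and therefore search on) uid.
olcAccess: {0}to attrs=uid
  by anonymous read
  by users read
# {1} unchanged: userPassword is only ever compared during a bind,
# never returned; the implicit trailing "by * none" keeps it that way.
olcAccess: {1}to attrs=userPassword
  by anonymous auth
  by self write
# {2} new: the rule Quanah asked for. "entry" is the pseudo-attribute that
# lets a search see that an entry exists and return it at all.
olcAccess: {2}to attrs=entry
  by * read
# {3} is the old {2}, renumbered: everything else stays bind-only.
olcAccess: {3}to *
  by users read
```

Apply it with "ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif" (the leading two-space lines are LDIF continuations, so each olcAccess value is still one string) and rerun the anonymous ldapsearch from the question; it should now come back with "result: 0 Success" and "numEntries: 1". Two caveats a practitioner will want. First, "to attrs=entry by * read" with no dn qualifier exposes the DN of every entry in the database to unauthenticated clients, which here means anyone can enumerate the uid and ou values that make up those DNs even though {3} hides the other attribute values; if only the Users subtree should be listable, qualify the rule with dn.subtree="ou=Users,dc=darkmorford,dc=net" and keep in mind that the search base dc=darkmorford,dc=net then still needs at least "search" on its own entry for a subtree search to start there. Second, if the only anonymous consumer is Apache, mod_authnz_ldap can bind with its own service account (AuthLDAPBindDN/AuthLDAPBindPassword) instead, in which case anonymous can be left at "auth" on userPassword and nothing else, and the entry/uid rules can be granted to that one DN rather than to "*".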