Hi Team,
Requirements: I want to create a user and provide access only to contextCSN.
I have tried to create a user and gave it privileges as below:
access to dn.base="dc=domain,dc=com" attrs=entry,children,contextcsn by dn.exact="uid=replmonitor,dc=domain,dc=com" read by * none
But it results in:
ldapsearch -x -H ldaps:// -D "uid=replmonitor,dc=domain,dc=com" -W -b "dc=domain,dc=com"
Enter LDAP Password:
search: 2
result: 32 No such object
Could someone please help me with the ACL for the new user so that it can list the contextCSN?
Regards,
K.Keerthiga
--On Thursday, February 13, 2020 5:50 PM +0530 keerthi krishnan keerthikrishnan1369@gmail.com wrote:
> access to dn.base="dc=domain,dc=com" attrs=entry,children,contextcsn by dn.exact="uid=replmonitor,dc=domain,dc=com" read by * none
Access statements without the context of the full configuration provide no real information that can be acted upon the majority of the time. I would also note that "by * none" at the end of an ACL is implicit, as discussed in the slapd.access(5) man page, so there is no reason to explicitly list it.
If you want help with your ACLs, you need to provide your configuration (minus passwords).
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On 2/13/20 10:51 PM, Quanah Gibson-Mount wrote:
> I would also note that "by * none" at the end of an ACL is implicit, as discussed in the slapd.access(5) man page, so there is no reason to explicitly list it.
I'm also adding "by * none" at the end of ACLs for readability.
Is there any drawback, e.g. performance penalty?
Ciao, Michael.
--On Thursday, February 13, 2020 11:05 PM +0100 Michael Ströder michael@stroeder.com wrote:
> Is there any drawback, e.g. performance penalty?
Don't think so. I just go for efficiency. ;)
--Quanah