Hi list members,
I am trying to configure access to my LDAP server, but I am doing something wrong that I am not aware of. The access list is below:
access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword
    by self read
    by anonymous auth
    by * none
access to dn.one="ou=appsrv,dc=ufv,dc=br"
    by self read
    by * none
access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword
    by self read
    by anonymous auth
    by * none
access to dn.one="ou=people,dc=ufv,dc=br"
    by self read
    by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by * none
access to dn.one="ou=group,dc=ufv,dc=br"
    by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read
    by * none
=======================================
The command I am executing and its output are below:
sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=ufv,dc=br> with scope oneLevel
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
sioux@gustav$
Why am I not getting a list of entries below ou=people,dc=ufv,dc=br?
Thanks in advance.
The ypldap access should be before the one that limits more - the more restrictive one will match first.
If that account is intended as your main 'root'-ish account, it should probably be granted access to all right off the bat.
Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb).
- chris
Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 2001 6th Ave | Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org
To: openldap-technical@openldap.org
Sent: Mon Jul 04 11:19:45 2011
Subject: cannot access entries
This is for learning purposes; the password will not be that one on a production system. The ypldap access is just before any other more restrictive one.
My question still remains: how may I get a listing of the entries directly below (one level only) a given base? Searching with a filter is of interest too, but I am being prevented. Does anybody here know how it could be done given my access rules in the prior email?
Thanks once more.
On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs Chris.Jacobs@apollogrp.edu wrote:
The ypldap access should be before the one that limits more - the more restrictive one will match first.
If that account is intended as your main 'root'-ish account, it should probably be granted access to all right off the bat.
Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb).
- chris
openldap-technical@openldap.org
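
Added example (editor's illustration, not code from any poster in the thread or from the OpenLDAP project): a simplified Python model of the first-match access selection described in slapd.access(5), run over the rules posted above. It shows that dn.one targets match only the children of the named entry, so the search base ou=people,dc=ufv,dc=br itself matches no rule and falls to the implicit deny, which is consistent with the "32 No such object" result. The uid=jdoe entry is a constructed sample, and the attrs=userpassword rules are left out as an assumption of the model because they do not govern access to the entry itself.

```python
# Simplified model of slapd's first-match ACL selection (slapd.access(5)).
# Only the dn.one / dn.base / dn.exact target styles and the <who> forms
# used in the thread are modelled; attrs=userpassword rules are omitted.

BASE = "dc=ufv,dc=br"
YPLDAP = "cn=ypldap,ou=appsrv," + BASE

# (target style, target DN, [(who, access), ...]) in the order posted.
ACLS = [
    ("one", "ou=appsrv," + BASE, [("self", "read"), ("*", "none")]),
    ("one", "ou=people," + BASE,
     [("self", "read"), (YPLDAP, "read"), ("*", "none")]),
    ("one", "ou=group," + BASE, [(YPLDAP, "read"), ("*", "none")]),
]

def parent(dn):
    """DN of the immediate parent (naive split; no escaped commas)."""
    return dn.split(",", 1)[1] if "," in dn else ""

def target_matches(style, target, entry):
    entry, target = entry.lower(), target.lower()
    if style in ("base", "exact"):
        return entry == target
    if style == "one":             # children only, never the target itself
        return parent(entry) == target
    raise ValueError(style)

def who_matches(who, bind_dn, entry):
    if who == "*":
        return True
    if who == "self":
        return bind_dn.lower() == entry.lower()
    return who.lower() == bind_dn.lower()

def access_for(bind_dn, entry):
    """Return (index of the rule that applied or None, access level)."""
    for i, (style, target, clauses) in enumerate(ACLS):
        if not target_matches(style, target, entry):
            continue
        for who, level in clauses:  # first matching <who> clause wins
            if who_matches(who, bind_dn, entry):
                return i, level
        return i, "none"            # implicit "by * none" ends each rule
    return None, "none"             # implicit final "access to * by * none"

if __name__ == "__main__":
    # Constructed sample: the search base and one hypothetical child entry.
    for dn in ("ou=people," + BASE, "uid=jdoe,ou=people," + BASE):
        print(dn, "->", access_for(YPLDAP, dn))
```

Under these semantics the ypldap DN can read the children but not the base it searches from; a rule that targets the base entry itself (dn.base, or dn.subtree instead of dn.one) and grants that DN at least search is what makes the one-level search start.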