Hello, 389ers.

I am migrating a whitepages server from OpenLDAP to 389-DS.

My instance has a root suffix with two subtrees (for staff and students).
Anonymous queries of the two root suffix subtrees return the expected results.

The instance also has a second suffix of "o=psi,c=ch" with three subtrees:
  ou=contacts,o=psi,c=ch
  ou=groups,o=psi,c=ch
  ou=users,o=psi,c=ch

Anonymous queries of the three "o=psi,c=ch" subtrees return NO records.

I have added ACIs for the three "o=psi,c=ch" subtrees and restarted the instance, but
anonymous queries of any of the three "o=psi,c=ch" subtrees STILL return no records.

Does anyone know how to allow anonymous queries?

Thanks,
 David

[root@el-dap ~]#
[root@el-dap ~]# /usr/bin/ldapsearch -H ldap://el-dap.ethz.ch/ -D "cn=Directory Manager" -W -x -b "ou=users,o=psi,c=ch" -s sub '(aci=*)' aci
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=users,o=psi,c=ch> with scope subtree
# filter: (aci=*)
# requesting: aci
#
# users, psi, ch
dn: ou=users,o=psi,c=ch
aci: (target = "ldap:///ou=users,o=psi,c=ch")(version 3.0; acl "Anonymous read
 , search for users";allow (read, search) userdn = "ldap:///anyone";)
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@el-dap ~]#


[root@el-dap ~]#
[root@el-dap ~]# /usr/bin/ldapsearch -H ldap://el-dap.ethz.ch/ -LLL -x -b 'ou=users,o=psi,c=ch' '(cn=*kohler*)'
[root@el-dap ~]#


[root@el-dap ~]#
[root@el-dap ~]# tail /var/log/dirsrv/slapd-el-dap/access
[30/Apr/2020:10:23:02.362530519 +0200] conn=5 fd=64 slot=64 connection from 129.132.65.9 to 129.132.65.9
[30/Apr/2020:10:23:02.362748318 +0200] conn=5 op=0 BIND dn="" method=128 version=3
[30/Apr/2020:10:23:02.362795436 +0200] conn=5 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0000179605 dn=""
[30/Apr/2020:10:23:02.363025956 +0200] conn=5 op=1 SRCH base="ou=users,o=psi,c=ch" scope=2 filter="(cn=*kohler*)" attrs=ALL
[30/Apr/2020:10:23:02.363471926 +0200] conn=5 op=1 RESULT err=0 tag=101 nentries=0 etime=0.0000606595
[30/Apr/2020:10:23:02.363649360 +0200] conn=5 op=2 UNBIND
[30/Apr/2020:10:23:02.363680129 +0200] conn=5 op=2 fd=64 closed - U1
[root@el-dap ~]#

___________________________________________________

David McLaughlin
ETH Zürich / Swiss Federal Institute of Technology
Informatikdienste
Basisdienste
Mail, Archive & Directories group
CH-8092 Zürich

Tel.: +41 44 632 3531
e-mail: david.mclaughlin@id.ethz.ch
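Editor's note with an added example (not part of David's post, and not 389-DS project code). The ACI returned by the Directory Manager search above has a target clause but no targetattr clause. In 389-DS an ACI without targetattr grants rights on the entry only, not on any of its attributes, so an anonymous search with a filter on cn has nothing it is allowed to evaluate and comes back with err=0 and nentries=0, which is what the access log shows. 389-DS's own stock anonymous ACI therefore carries (targetattr != "userPassword || aci"), which also keeps password hashes and the ACIs themselves away from anonymous readers. The script below lints an ACI string for both points, emits the corrective LDIF for a base DN, and wraps the anonymous ldapsearch used in the post as a count check. The sample ACI is copied from the post; the function names, the hypothetical host used in the comments, and the use of POSIX sh with grep and sed are my assumptions. Only the offline lint and LDIF functions are exercised without a server.

```shell
#!/bin/sh
# Added example: lint 389-DS ACIs for a missing targetattr clause and for
# anonymous exposure of userPassword, then emit the corrective LDIF.
# Assumes POSIX sh plus grep and sed from the base system.

# Return 0 if the ACI string in $1 has a targetattr clause ("=" or "!="),
# 1 otherwise. Without targetattr an ACI grants no attribute rights at all.
aci_has_targetattr() {
    printf '%s\n' "$1" | grep -Eqi 'targetattr[[:space:]]*!?='
}

# Return 0 if the ACI string in $1 would let its subjects read userPassword:
# a positive targetattr of "*" or one naming userPassword, or a negated
# ("!=") list that fails to exclude userPassword. Returns 1 otherwise,
# including when there is no targetattr clause (no attribute rights).
aci_exposes_userpassword() {
    clause=$(printf '%s\n' "$1" |
        sed -n -E 's/.*targetattr[[:space:]]*(!?)=[[:space:]]*"([^"]*)".*/\1|\2/p')
    [ -n "$clause" ] || return 1
    op=${clause%%|*}
    attrs=${clause#*|}
    case "$op" in
        '!') # negated list: safe only if userPassword is in the excluded set
             if printf '%s\n' "$attrs" | grep -qi 'userPassword'; then return 1; else return 0; fi ;;
        *)   # positive list: exposed if it is "*" or names userPassword
             [ "$attrs" = "*" ] && return 0
             printf '%s\n' "$attrs" | grep -qi 'userPassword' ;;
    esac
}

# Print LDIF that replaces the aci values on $1 with one anonymous-read ACI
# modelled on 389-DS's stock "Enable anonymous access" ACI. No target clause
# is needed: an ACI stored on an entry covers that entry and its subtree.
# "replace: aci" drops every existing aci value on the entry; the post's
# Directory Manager search showed exactly one, so that is what it removes.
anon_read_aci_ldif() {
    base=$1
    cat <<EOF
dn: $base
changetype: modify
replace: aci
aci: (targetattr != "userPassword || aci")(version 3.0; acl "Anonymous read, search for $base"; allow (read, search, compare) userdn = "ldap:///anyone";)
EOF
}

# Anonymous search as in the post (-x with no -D), printing the number of
# entries returned. Needs a live server, so the offline checks skip it.
# $1 = LDAP URI, $2 = base DN, $3 = filter
anon_entry_count() {
    ldapsearch -H "$1" -x -LLL -b "$2" -s sub "$3" dn | grep -c '^dn:' || true
}

# Constructed sample: the ACI exactly as the Directory Manager search printed it.
POSTED_ACI='(target = "ldap:///ou=users,o=psi,c=ch")(version 3.0; acl "Anonymous read, search for users";allow (read, search) userdn = "ldap:///anyone";)'

if aci_has_targetattr "$POSTED_ACI"; then
    echo "posted ACI targets attributes"
else
    echo "posted ACI has no targetattr: it grants no attribute rights, so searches match nothing"
fi

# The LDIF to apply, e.g. with:
#   anon_read_aci_ldif ou=users,o=psi,c=ch | ldapmodify -H ldap://el-dap.example/ -D "cn=Directory Manager" -W -x
anon_read_aci_ldif "ou=users,o=psi,c=ch"

# Afterwards, with no restart needed (ACI changes take effect immediately):
#   anon_entry_count ldap://el-dap.example/ ou=users,o=psi,c=ch '(cn=*kohler*)'
```

The lint deliberately treats an ACI without targetattr as "does not expose userPassword" rather than as safe: it is harmless precisely because it grants nothing usable, which is the failure seen in the post. Run the ldapmodify step once per subtree (ou=contacts, ou=groups, ou=users), or once on o=psi,c=ch if the whole suffix should be anonymously readable.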