From: Quanah Gibson-Mount <[email protected]>
To: [email protected]
Cc: [email protected]
Date: 09/06/2013 12:29 PM
Subject: Re: SyncRepl Chaining
--On Friday, September 06, 2013 12:21 PM -0500 [email protected]
wrote:
> add: olcAccess
> olcAccess: {0}to *
> by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read
> by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
> by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write
> by dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write
> by dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write
> break
This should be "by * break" not "break"
You have no ACL granting access to the pseudo-attribute "entry".
I personally have as my last ACL:
olcAccess: {10}to attrs=entry by dn.children="cn=admins,cn=zimbra" write
by *
read
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Here is the access list from a new slapcat, this is for olcDatabase={1}hdb
olcAccess: {0}to * by
dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com"
read by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by
dn.base
="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by
dn.base="uid=p
asswordAdmin,ou=System,dc=oreillyauto,dc=com" write by * break
olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
group/groupOfUniqueNa
mes/uniqueMember="cn=System
Administrators,ou=Groups,dc=oreillyauto,dc=com" w
rite by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admin,ou=Groups,dc=o
reillyauto,dc=com" write
olcAccess: {2}to attrs=userPassword by
group/groupOfUniqueNames/uniqueMember
="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous
read
olcAccess: {3}to attrs=uid by anonymous read by users read
olcAccess: {4}to attrs=ou,employeeNumber by users read
olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by
dn.subtree=
"ou=Users,dc=oreillyauto,dc=com" none by users read
olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com" by
dnattr=own
er write by dnattr=uniqueMember read by * none
olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com" by self
read
by
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreill
yauto,dc=com" read by * none
olcAccess: {8}to * by self read by users read
olcAccess: {9} to attrs=entry by dn.children="cn=admins" write by * read
and here is the debug.
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: conn=2777 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [1] attr
userPassword
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "",
(=0)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=ldapadmin,ou=system,dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=newuseradmin,ou=system,dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=passwordadmin,ou=system,dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: *
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] applying +0
(break)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] mask: =0
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => dn: [2]
dc=oreillyauto,dc=com
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] matched
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] attr
userPassword
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "",
(=0)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => slap_access_allowed: auth
access denied by =0
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: no more
rules
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 slapd[22892]: last message repeated 3 times
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: EQUALITY
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: EQUALITY
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_access_allowed: granted
to database root
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (objectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: PRESENT
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (objectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (uid)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (description)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdPolicySubentry)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (structuralObjectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (entryUUID)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (creatorsName)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (objectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (objectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (uid)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (description)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdPolicySubentry)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (structuralObjectClass)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (entryUUID)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (creatorsName)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (createTimestamp)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdHistory)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdHistory)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdChangedTime)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdFailureTime)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdFailureTime)
Sep 6 13:28:29 slapd[22892]: last message repeated 11 times
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (createTimestamp)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdHistory)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdHistory)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep 6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Thank,
Eric
--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
Message id: E7DF7600DE2.A1C62
This communication and any attachments are confidential, protected by
Communications Privacy Act 18 USCS ยง 2510, solely for the use of the intended
recipient, and may contain legally privileged material. If you are not the
intended recipient, please return or destroy it immediately. Thank you.
