On Sat, 3 Sep 2016 15:09:39 +0200, A M <[email protected]> wrote:

> Hello,
>
> I just need to allow a simple "bind" user to be able to perform the
> authenticated searches in the tree, while allowing all other users to
> consult their data without being able to modify them. So I have set
> the following primitive access rules:
>
> ------------------------------
> olcAccess: {0}to attrs=userPassword
>   by self write
>   by dn.base="cn=Manager,dc=example,dc=com" write
>   by anonymous auth
>   by * none"
>
> olcAccess: {1}to *
>   by self read
>   by dn.base="cn=Manager,dc=example,dc=com" write
>   by dn="uid=binduser,ou=Users,dc=example,dc=com" read
> -------------------------------
>
> With these settings, I can in fact perform authenticated searches as
> dn="uid=binduser,ou=Users,dc=example,dc=com" with filter uid=username.
> But the weird thing is that all other non-privileged users cannot see
> their own data, although I have added "to * by self read"..
>
> What am I missing? Thanks ahead for any comment!

Run slapd in debug mode with debuglevel 128 and check ACL processing.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
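As an added illustration (not part of the thread and not slapd code), the following simplified Python model applies slapd's first-match ACL evaluation to the two rules quoted above, producing the kind of per-entry, per-attribute decision that the level-128 trace reports. The user `uid=alice` is hypothetical, only the `self`, `anonymous`, `*` and exact-DN `by` forms are modelled, and `dn=` is treated as an exact match.

```python
# Simplified model of slapd ACL evaluation (added example, assumptions noted inline).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

MANAGER = "cn=Manager,dc=example,dc=com"
BINDUSER = "uid=binduser,ou=Users,dc=example,dc=com"

# The two rules from the post: (attribute selector, ordered list of (who, level)).
RULES = [
    ("userPassword", [("self", "write"), (MANAGER, "write"),
                      ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "read"), (MANAGER, "write"), (BINDUSER, "read")]),
]

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == target_dn.lower()
    return bind_dn.lower() == who.lower()  # assumption: dn / dn.base as exact match

def granted_level(bind_dn, target_dn, attr):
    """Level granted by the first rule whose <what> matches, else 'none'."""
    for selector, by_clauses in RULES:
        if selector not in ("*", attr):
            continue
        # Only the first matching rule is consulted; its first matching
        # "by" clause decides the outcome.
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"  # implicit "by * none" closes every rule
    return "none"      # implicit "access to * by * none" closes the list

def allowed(bind_dn, target_dn, attr, wanted):
    got = granted_level(bind_dn, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)

if __name__ == "__main__":
    alice = "uid=alice,ou=Users,dc=example,dc=com"  # hypothetical ordinary user
    base = "dc=example,dc=com"
    checks = [
        (alice, alice, "uid", "read"),        # a user reading their own entry
        (alice, base, "entry", "search"),     # "entry" pseudo-attribute of the search base
        (BINDUSER, base, "entry", "search"),
        ("", alice, "userPassword", "auth"),  # anonymous access used during bind
    ]
    for bind, target, attr, want in checks:
        verdict = "granted" if allowed(bind, target, attr, want) else "denied"
        print(f"{bind or 'anonymous'} -> {want} {attr} on {target}: {verdict}")
```
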
