I read the man page, but I guess I understood that the first rule only matched everything as far as "what" to access. I thought it went what, who, permissions.
My intent was to enable both of these to work. Access to all dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage and access to all dn.base=" cn=Manager,dc=local,dc=bob,dc=com" to manage as well. The first one I am using, I guess as intended from the command line, and the second I would use from the command line as well, in a tool, etc.

What would that ruleset look like?

-----Original Message-----
From: openldap-technical [mailto:[email protected]] On Behalf Of Ryan Tandy
Sent: Tuesday, September 12, 2017 2:39 PM
To: Nick Gray <[email protected]>
Cc: [email protected]
Subject: Re: I can't seem to find the answer to these olcAccess questions

On Mon, Sep 11, 2017 at 04:18:20PM -0500, Nick Gray wrote:
>With this config, shouldn't this work as well
>
>ldapsearch -x -W -D cn=Manager,dc=local,dc=bob,dc=com -b cn=config
>olcDatabase=\*

The rules on your config database are:

olcAccess: {0} to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
olcAccess: {1} to * by dn="cn=Manager,dc=local,dc=bob,dc=com" manage

The first matches everything (*), so the second is never consulted.

>My other question is where is there a reference to exactly what
>"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" means. I
>can't seem to find one.

http://www.openldap.org/doc/admin24/sasl.html#IPC%20(ldapi%3A%2F%2F%2F)%20Identity%20Format
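
Added example, not part of the original thread and not OpenLDAP code: a small Python model of the first-match rule selection described above, run against the two rules as posted and against a single rule carrying both "by" clauses. It assumes only "to *" targets and exact DN matches; the names ROOT, MANAGER, AS_POSTED, MERGED, evaluate and to_olc_access are illustrative.

```python
# Simplified model of how slapd picks an access rule (slapd.access(5)).
# Only "to *" targets and exact-DN "by" clauses are modelled; names are illustrative.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
MANAGER = "cn=Manager,dc=local,dc=bob,dc=com"

# Each rule is (what, [(who, access), ...]), listed in olcAccess {n} order.
AS_POSTED = [("*", [(ROOT, "manage")]),
             ("*", [(MANAGER, "manage")])]
MERGED = [("*", [(ROOT, "manage"), (MANAGER, "manage")])]


def evaluate(rules, bind_dn):
    """Return (index of the rule used, access granted) for bind_dn."""
    for index, (what, by_clauses) in enumerate(rules):
        if what != "*":          # other <what> forms are not modelled
            continue
        # The first rule whose <what> matches is the only one evaluated.
        for who, access in by_clauses:
            # Simplification: real DN matching normalises per schema.
            if who.lower() == bind_dn.lower():
                return index, access
        return index, "none"     # implicit trailing "by * none"
    return None, "none"          # a non-empty list ends with "to * by * none"


def to_olc_access(rules):
    """Render the rules as olcAccess attribute values."""
    values = []
    for index, (what, by_clauses) in enumerate(rules):
        by = " ".join(f'by dn.base="{who}" {access}' for who, access in by_clauses)
        values.append(f"{{{index}}}to {what} {by}")
    return values


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("merged", MERGED)):
        for dn in (ROOT, MANAGER):
            print(name, dn, evaluate(rules, dn))
    for value in to_olc_access(MERGED):
        print("olcAccess:", value)
```

With the rules as posted, the Manager DN stops at rule {0} and falls through to the implicit "by * none"; with both "by" clauses on one rule, each identity gets manage.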
