So, in the end, it was literally the "ou" attribute that I needed to grant read access to.
Just in case anyone else needs to do something similar in the future … Regards Philip On Tue, 23 Oct 2018 at 23:05, Quanah Gibson-Mount <[email protected]> wrote: > > Hi Philip, > > --On Tuesday, October 23, 2018 2:21 PM +0100 Philip Colmer > <[email protected]> wrote: > > > Yes, I can run slapd in debug mode but this is a production system so > > that means scheduling a maintenance window in several weeks' time. I > > was rather hoping to have a solution in place sooner than that thanks > > to the kind support of this list but, if I don't have it, I'll figure > > it out for myself. > > I don't know the answer off the top of my head, but I would imagine you > could set up a test/dev server fairly quickly to figure this out? Should > be pretty straight forward. If you have the cn=config database enabled, > you could change the loglevel to ACL on the fly (just to note). > > Warm regards, > Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >
