Hi I send it along with commands and results ldapsearch -x -b "cn=ldap_admins,ou=Groups,dc=domain,dc=com" -H ldapi:///
# ldap_admins, Groups, domain.com<http://domain.com> dn: cn=ldap_admins,ou=Groups,dc=domain,dc=com objectClass: groupOfNames cn: ldap_admins member: uid=test,ou=Users,dc=domain,dc=com ldapsearch -x -b "cn=test,ou=Users,dc=domain,dc=com" -H ldapi:/// # test, Users, domain.com<http://domain.com> dn: cn=test,ou=Users,dc=domain,dc=com objectClass: posixAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person homeDirectory: /home/test loginShell: /bin/bash uid: test cn: test uidNumber: 10000 gidNumber: 10000 sn: test ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config 'olcDatabase={1}mdb' olcAccess: {0}to attrs=userPassword by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by anonymous auth by * none olcAccess: {1}to * by self write by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write by * read 12 авг. 2020 г., в 19:35, Quanah Gibson-Mount <[email protected]<mailto:[email protected]>> написал(а): --On Wednesday, August 12, 2020 5:24 PM +0000 Клеусов Владимир Сергеевич <[email protected]<mailto:[email protected]>> wrote: Sorry Please explain the group in the picture in the previous email cn ldap_admins member uid=test,ou=Users,dc=domain,dc=com Hi, Don't send images of textual data. Additionally your graphic doesn't show the DN of the group, so there's no way to map it to the ACLs you provided. Provide actual text data of the entries in question (the group and the user) in addition to the current ACLs. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
