On 15.12.22 at 16:38, Ondřej Kuzník wrote:
> Should be authzTo if you're adding it to the lloadd's identity, are you sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to dc=example,dc=net and the uid attribute on the subtree?
Thank you for the push in the right direction.
I added an ACL:
olcAccess: {0}to attr=uid
  by dn.exact=uid=lloadd,ou=users,dc=example,dc=net auth
  by * break
But I forgot that the uid=lloadd could not enter any of my OUs. My
security paranoia leads me to disallow everything for everybody in the
first place, so I have to open the path to my users :-) Now I got:
--------------------------
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 PROXYAUTHZ dn="uid=repl-user,ou=users,dc=example,dc=net"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.005746 nentries=56 text=
-------------------------
Thanks a lot for your patience and all your help.
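Added example, not part of the original message: once proxy authorization works, the PROXYAUTHZ log lines shown above can be audited to see which identity each operation assumed. The allowlist and the conn=1005 log lines are constructed for illustration; the field layout is taken from the three lines quoted in the message.

```python
import re

# Field layout follows the three slapd log lines quoted in the message.
LINE = re.compile(r'conn=(\d+) op=(\d+) (PROXYAUTHZ|SRCH|SEARCH RESULT) (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Assumption: the only identity the proxy is expected to assert.
ALLOWED = {"uid=repl-user,ou=users,dc=example,dc=net"}

# Lines 1-3 are from the message; lines 4-6 (conn=1005) are constructed.
SAMPLE = '''\
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 PROXYAUTHZ dn="uid=repl-user,ou=users,dc=example,dc=net"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:35:10 ldap02 slapd[321]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.005746 nentries=56 text=
Dez 15 17:40:02 ldap02 slapd[321]: conn=1005 op=1 PROXYAUTHZ dn="cn=admin,dc=example,dc=net"
Dez 15 17:40:02 ldap02 slapd[321]: conn=1005 op=1 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(objectClass=*)"
Dez 15 17:40:02 ldap02 slapd[321]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000015 etime=0.004100 nentries=120 text=
'''

def parse(log):
    """Group log lines by (conn, op) into one record per proxied operation."""
    ops = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        rec = ops.setdefault((int(conn), int(op)), {})
        if kind == "PROXYAUTHZ":
            # Lowercasing is a simplification, not full DN normalization.
            rec["authzid"] = fields.get("dn", "").lower()
        elif kind == "SRCH" and "base" in fields:
            rec["base"], rec["filter"] = fields["base"], fields.get("filter")
        elif kind == "SEARCH RESULT":
            rec["err"] = int(fields["err"])
            rec["nentries"] = int(fields.get("nentries", 0))
    return ops

def unexpected(ops, allowed=ALLOWED):
    """Return (conn, op, authzid) for asserted identities outside the allowlist."""
    return sorted((c, o, r["authzid"]) for (c, o), r in ops.items()
                  if "authzid" in r and r["authzid"] not in allowed)

if __name__ == "__main__":
    for conn, op, who in unexpected(parse(SAMPLE)):
        print(f"conn={conn} op={op} assumed unexpected identity {who}")
```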
