On 6/9/23 21:39, Quanah Gibson-Mount wrote:
You've not provided any examples of the 'group' ACLs you provided, nor
the full context of your ACLs, so they may have not worked for any
number of reasons.
This is the full ACL I was using:
to attrs=userPassword
    by group="cn=test,ou=Groups,ou=System,dc=example,dc=local" read
    by self write
    by anonymous auth
This lacks context, which I also noted was necessary.
There's zero information on:
a) what database this ACL is applied to, could be the cn=config db for
all I know
b) what ACLs may precede it that would take precedence.
--Quanah
I forgot this information; I am sorry for that. I hope that this will
include the necessary information.
a) All ACLs apply to "olcDatabase={2}mdb,cn=config", and there is only
one mdb database on this server.
b) I currently have 2 ACLs:
dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0} to attrs=userPassword
  by group="cn=test,ou=Groups,ou=System,dc=example,dc=local" read
  by self write
  by anonymous auth

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1} to dn.subtree="dc=example,dc=local"
  by users read
c) And the dynlist module configuration is the following:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}dynlist.la
olcModulePath: /usr/lib64/openldap

dn: olcOverlay={0}dynlist,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcDynListConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {0}dynlist
olcDynListAttrSet: {0}groupOfURLs memberURL member
--
Souji Thenria