How to add ACL on OpenLDAP


Try adding by anonymous auth by * none at the end of your ACL directive:

olcAccess: {1}to dn.children="ou=users,dc=example,dc=com" by dn
 .exact="cn=workstation,ou=applications,dc=example,dc=com" read
  by anonymous auth by * none

Author: Dimitri Kopriwa

Updated on September 18, 2022

Comments

  • Dimitri Kopriwa (almost 2 years ago)

    I want to add an ACL for a sub organization on my OpenLDAP.

    This is their ACL documentation: https://www.openldap.org/doc/admin24/access-control.html

    I am using ldapmodify to update the ldap db on a running OpenLDAP instance.

    This is the ldif file I have imported:

    vim ro_access.ldif

    dn: olcDatabase={1}mdb,cn=config
    changetype: modify
    add: olcAccess
    olcAccess: {2}to dn.children="ou=users,dc=example,dc=com" by dn.exact="cn=workstation,ou=applications,dc=example,dc=com" read

    I expect

    • cn=workstation,ou=applications,dc=example,dc=com to be able to read children under ou=users,dc=example,dc=com
    • auth to have the preceding default behavior.
    • anonymous to have the preceding default behavior.

    I have

    • ldapwhoami working with cn=workstation,ou=applications,dc=example,dc=com
    • ldapsearch failing to return the result uid=someone,ou=users,dc=example,dc=com with cn=workstation,ou=applications,dc=example,dc=com

    Edit

    I have tried to replace olcAccess {1} with {2} and {2} with {1}.

    This is the full replaced ACL and it also does not work:

    dn: olcDatabase={1}mdb,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn
     =admin,dc=example,dc=com" write by dn="cn=ropw,dc=example,dc=co
     m" read by anonymous auth by * none
    olcAccess: {1}to dn.children="ou=users,dc=example,dc=com" by dn
     .exact="cn=workstation,ou=applications,dc=example,dc=com" read
    olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write
      by dn="cn=ro,dc=example,dc=com" read by dn="cn=ropw,dc=exam
     ple,dc=com" read by * none

    Any idea why?
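To see what the ACL in the question actually grants, and why rule order and the folded `by anonymous auth` line in the answer matter, here is an added example: a small Python model of slapd's evaluation order as described in the linked admin guide (first matching `to` clause wins, then the first matching `by` clause inside it, and a `to` that matches with no matching `by` denies access; each level implies the lower ones). It is not code from the page or from OpenLDAP. The LDIF is the full replaced ACL from the question, folded the way LDIF requires; the entry DNs `uid=someone,...` and the two accounts are the ones the question names; the parser only understands the target and subject styles that appear in that ACL, and it treats a plain `dn=` subject the same as `dn.exact=`, which is a simplification of this toy model.

```python
# Toy model of slapd olcAccess evaluation (added example, not OpenLDAP code):
# first matching "to" clause, first matching "by" clause, implicit "by * none".
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The question's full ACL, folded as LDIF requires: a continuation line starts
# with one space, so "  by" keeps a real space after "write" once unfolded.
ACL_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn
 =admin,dc=example,dc=com" write by dn="cn=ropw,dc=example,dc=co
 m" read by anonymous auth by * none
olcAccess: {1}to dn.children="ou=users,dc=example,dc=com" by dn
 .exact="cn=workstation,ou=applications,dc=example,dc=com" read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write
  by dn="cn=ro,dc=example,dc=com" read by dn="cn=ropw,dc=exam
 ple,dc=com" read by * none
"""

WS = "cn=workstation,ou=applications,dc=example,dc=com"   # the reader account
USER = "uid=someone,ou=users,dc=example,dc=com"            # an entry under ou=users
BASE = "ou=users,dc=example,dc=com"                        # the search base itself


def unfold_ldif(text):
    """Undo LDIF folding: a newline followed by a space continues the previous line."""
    return re.sub(r"\n ", "", text).splitlines()


def parse_olcaccess(text):
    """Return olcAccess values in order as {'target': str, 'by': [(subject, level), ...]}."""
    rules = []
    for line in unfold_ldif(text):
        name, _, value = line.partition(":")
        if name.strip().lower() != "olcaccess":
            continue
        value = re.sub(r"^\{\d+\}", "", value.strip())       # drop the {n} ordering prefix
        target, *clauses = re.split(r"\s+by\s+", value)
        by = [tuple(c.rsplit(None, 1)) for c in clauses]     # "subject level" pairs
        rules.append({"target": target.split(None, 1)[1].strip(), "by": by})
    return rules


def target_matches(target, entry_dn, attr):
    """Does the 'to' clause select this entry/attribute? attr 'entry' is the entry itself."""
    dn_ok = attr_ok = True
    for spec in target.split():
        key, _, val = spec.partition("=")
        val = val.strip('"')
        if spec == "*":
            continue
        elif key == "dn.children":                           # strictly below the DN
            dn_ok = entry_dn != val and entry_dn.endswith("," + val)
        elif key in ("dn", "dn.exact"):                      # toy simplification: exact
            dn_ok = entry_dn == val
        elif key == "attrs":                                 # attribute list, no 'entry'
            attr_ok = attr.lower() in val.lower().split(",")
        else:
            raise ValueError("unsupported target spec: " + spec)
    return dn_ok and attr_ok


def subject_matches(subject, who, entry_dn):
    """Does the 'by' clause apply to requester 'who'? who=None means anonymous."""
    if subject == "*":
        return True
    if subject == "anonymous":
        return who is None
    if subject == "self":
        return who is not None and who.lower() == entry_dn.lower()
    key, _, val = subject.partition("=")
    if key in ("dn", "dn.exact"):                            # same simplification as above
        return who is not None and who.lower() == val.strip('"').lower()
    raise ValueError("unsupported subject: " + subject)


def granted_level(rules, who, entry_dn, attr):
    """Level slapd grants: first matching 'to', first matching 'by' in it, else none."""
    for rule in rules:
        if not target_matches(rule["target"], entry_dn, attr):
            continue
        for subject, level in rule["by"]:
            if subject_matches(subject, who, entry_dn):
                return level
        return "none"          # 'to' matched but no 'by' did: implicit "by * none"
    return "none"              # no 'to' clause matched at all


def allowed(rules, who, entry_dn, attr, wanted):
    return LEVELS.index(granted_level(rules, who, entry_dn, attr)) >= LEVELS.index(wanted)


def report(rules):
    """The checks behind the question's expectations, as name -> granted?"""
    return {
        "workstation read uid of user":   allowed(rules, WS, USER, "uid", "read"),
        "workstation search base entry":  allowed(rules, WS, BASE, "entry", "search"),
        "anonymous auth on userPassword": allowed(rules, None, USER, "userPassword", "auth"),
        "anonymous read uid of user":     allowed(rules, None, USER, "uid", "read"),
    }


if __name__ == "__main__":
    rules = parse_olcaccess(ACL_LDIF)
    for name, ok in report(rules).items():
        print(f"{name}: {'granted' if ok else 'denied'}")
    # Putting "to *" in front of the children rule makes that rule unreachable.
    swapped = [rules[0], rules[2], rules[1]]
    print("with {1} and {2} swapped, workstation on uid:", granted_level(swapped, WS, USER, "uid"))
```

Two things the model makes visible. First, `dn.children="ou=users,..."` covers the entries below ou=users but not ou=users itself, so the workstation account falls through to rule `{2}` for the base entry and gets `none` there; slapd needs `search` access to the base entry of a search, so the base matters as much as the children. Second, swapping `{1}` and `{2}` puts `to *` first, and since the first matching `to` clause is the only one consulted, the children rule is never reached. Appending `by anonymous auth` to rule `{1}`, as the answer suggests, grants anonymous only the `auth` level on those entries, not `read`.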