How to add ACL on OpenLDAP
Try adding "by anonymous auth by * none" at the end of your ACL directive:
olcAccess: {1}to dn.children="ou=users,dc=example,dc=com" by dn.exact="cn=workstation,ou=applications,dc=example,dc=com" read by anonymous auth by * none
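The answer hinges on how slapd evaluates olcAccess values (see the access-control chapter linked in the question): only the first "to" clause whose target matches the entry or attribute is consulted, inside it the first matching "by" clause decides, and when no "by" clause matches the request is denied as if "by * none" were present. The Python below is an added example, not code from the page or from OpenLDAP: it models those documented semantics for just the selectors the question uses (to: *, dn, dn.exact, dn.children, dn.subtree, attrs; by: *, anonymous, users, self, dn, dn.exact) and evaluates the question's three rules both as posted and with the answer's suffix. The user entry uid=someone and the helper names are constructed for the demonstration.

```python
import re

# Access levels in increasing order (slapd.access(5)); a grant at one level
# satisfies any request for that level or a lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def parse_rule(rule):
    """Split one olcAccess value into (what, [(who, access), ...])."""
    rule = re.sub(r"^\{\d+\}", "", rule.strip())  # drop the {n} ordering prefix
    m = re.match(r"to\s+(.+?)\s+by\s+(.*)$", rule)
    if not m:
        raise ValueError("not an access rule: " + rule)
    by_clauses = []
    for clause in m.group(2).split(" by "):
        who, access = clause.rsplit(None, 1)
        if access not in LEVELS:
            raise ValueError("unknown access level: " + access)
        by_clauses.append((who, access))
    return m.group(1), by_clauses


def target_matches(what, entry_dn, attr):
    """Does the <what> selector cover this entry (and attribute, if one is named)?"""
    entry = entry_dn.lower()
    for cond in what.split():
        if cond == "*":
            continue
        key, _, val = cond.partition("=")
        val = val.strip('"').lower()
        if key == "attrs":
            if attr is None or attr.lower() not in val.split(","):
                return False
        elif key in ("dn", "dn.exact"):
            if entry != val:
                return False
        elif key == "dn.children":  # strict descendants only, never the base itself
            if not entry.endswith("," + val):
                return False
        elif key == "dn.subtree":  # the base entry and everything below it
            if entry != val and not entry.endswith("," + val):
                return False
        else:
            raise ValueError("unsupported <what> selector: " + cond)
    return True


def who_matches(who, bind_dn, entry_dn):
    """Does the <who> selector cover a requester bound as bind_dn (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    key, _, val = who.partition("=")
    if key in ("dn", "dn.exact"):
        return bind_dn is not None and bind_dn.lower() == val.strip('"').lower()
    raise ValueError("unsupported <who> selector: " + who)


def granted_level(rules, bind_dn, entry_dn, attr=None):
    """Level the ordered rule list grants bind_dn on entry_dn (or on one attribute).

    Only the first rule whose <what> matches is consulted; inside it the first
    matching <by> wins, and no match means the implicit 'by * none'.  A target
    that no rule covers is denied as well.
    """
    for rule in rules:
        what, by_clauses = parse_rule(rule)
        if not target_matches(what, entry_dn, attr):
            continue
        for who, access in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return access
        return "none"
    return "none"


def allowed(rules, bind_dn, entry_dn, needed, attr=None):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(needed)


# The question's rules, with a constructed user entry uid=someone under ou=users.
BASE = "dc=example,dc=com"
ADMIN = "cn=admin," + BASE
WORKSTATION = "cn=workstation,ou=applications," + BASE
USERS = "ou=users," + BASE
SOMEONE = "uid=someone," + USERS

RULE0 = ('{0}to attrs=userPassword,shadowLastChange by self write by dn="%s" write '
         'by dn="cn=ropw,%s" read by anonymous auth by * none' % (ADMIN, BASE))
RULE1 = '{1}to dn.children="%s" by dn.exact="%s" read' % (USERS, WORKSTATION)
RULE2 = ('{2}to * by self write by dn="%s" write by dn="cn=ro,%s" read '
         'by dn="cn=ropw,%s" read by * none' % (ADMIN, BASE, BASE))

AS_POSTED = [RULE0, RULE1, RULE2]
AS_ANSWERED = [RULE0, RULE1 + " by anonymous auth by * none", RULE2]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("with the answer's suffix", AS_ANSWERED)):
        print(label)
        for who, target, attr in ((WORKSTATION, SOMEONE, None), (WORKSTATION, USERS, None),
                                  (None, SOMEONE, None), (None, SOMEONE, "userPassword"),
                                  (SOMEONE, SOMEONE, None), (ADMIN, SOMEONE, None)):
            print("  %-48s %-36s %-13s -> %s" % (who or "anonymous", target, attr or "(entry)",
                                                 granted_level(rules, who, target, attr)))
```

Running it shows the suffix lifting anonymous from none to auth on entries under ou=users, while a bind against userPassword was already auth via rule {0} in both versions. Two things the evaluator also makes visible are worth checking on a real server: dn.children does not cover the ou=users entry itself, so the workstation DN falls through to rule {2} and gets none there (not even search access to the base of its own search), and rule {1} shadows the "by self write" and admin clauses of rule {2} for every entry beneath ou=users.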
Dimitri Kopriwa
Updated on September 18, 2022
Dimitri Kopriwa almost 2 years
I want to add an ACL for a sub organization on my OpenLDAP.
This is their ACL documentation: https://www.openldap.org/doc/admin24/access-control.html
I am using ldapmodify to update the ldap db on a running OpenLDAP instance. This is the ldif file I have imported:
vim ro_access.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {2}to dn.children="ou=users,dc=example,dc=com" by dn.exact="cn=workstation,ou=applications,dc=example,dc=com" read
I expect:
- cn=workstation,ou=applications,dc=example,dc=com to be able to read children under ou=users,dc=example,dc=com
- auth to have the preceding default behavior.
- anonymous to have the preceding default behavior.
I have:
- ldapwhoami working with cn=workstation,ou=applications,dc=example,dc=com
- ldapsearch failing returning result uid=someone,ou=users,dc=example,dc=com with cn=workstation,ou=applications,dc=example,dc=com
Edit
I have tried to replace olcAccess {1} with {2} and {2} with {1}. This is the full replaced ACL and it also does not work:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=com" write by dn="cn=ropw,dc=example,dc=com" read by anonymous auth by * none
olcAccess: {1}to dn.children="ou=users,dc=example,dc=com" by dn.exact="cn=workstation,ou=applications,dc=example,dc=com" read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by dn="cn=ro,dc=example,dc=com" read by dn="cn=ropw,dc=example,dc=com" read by * none
Any idea why?