How to correctly ldapmodify replace olcAccess lines?


This LDIF worked for me, with the previous command:

# the config entry's DN needs the '=' after olcDatabase
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=somesite,dc=com" write
        by dn="uid=anotheruser,ou=Users,dc=somesite,dc=com" write
        by anonymous auth
        by self write
        by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
 by self write
 by dn="cn=admin,dc=somesite,dc=com" write
 by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write
 by * read
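An added example, not code from the question or the answer: a small Python helper that unfolds the olcAccess values shown in the question, inserts the new by clause into rules {0} and {2} ahead of each catch-all, and emits a replace LDIF that carries every rule, because replace: discards any value not listed (the {1} concern). The DN, file contents and user DN are taken from the question; the 'to *' check reflects the uidNumber/gidNumber risk raised in the comments.

```python
import re

# Constructed from the question: the current olcAccess values of olcDatabase={1}hdb.ldif.
# RFC 2849 unfolding drops the newline plus exactly one leading space, hence two spaces before "by".
CURRENT_LDIF = """\
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,dc=somesite,dc=com" write
  by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=somesite,dc=com" write
  by * read
"""

def rule_index(value: str) -> int:
    """The {n} prefix of an olcAccess value; slapd evaluates rules in this order."""
    return int(re.match(r"\{(\d+)\}", value).group(1))

def parse_olc_access(ldif: str) -> list:
    """Unfold continuation lines and return every olcAccess value sorted by its {n} prefix."""
    unfolded = re.sub(r"\n ", "", ldif)
    values = [line.split(":", 1)[1].strip()
              for line in unfolded.splitlines() if line.startswith("olcAccess:")]
    return sorted(values, key=rule_index)

def grant(rules: list, indices: set, clause: str) -> list:
    """Insert an access clause into the selected rules ahead of their catch-all 'by *' clause
    (slapd stops at the first matching 'by', so a clause placed after 'by *' never applies)."""
    out = []
    for value in rules:
        if rule_index(value) in indices:
            cut = value.rfind(" by *")
            value = f"{value[:cut]} {clause}{value[cut:]}" if cut >= 0 else f"{value} {clause}"
        out.append(value)
    return out

def replace_ldif(dn: str, rules: list) -> str:
    """Emit a modify that replaces the whole olcAccess set: 'replace:' discards every value
    not listed, so an untouched rule such as {1} must still be included."""
    header = [f"dn: {dn}", "changetype: modify", "replace: olcAccess"]
    return "\n".join(header + [f"olcAccess: {r}" for r in rules]) + "\n"

def self_write_on_everything(rules: list) -> list:
    """'to *' rules granting 'by self write': on posixAccount entries this lets a user edit
    its own uidNumber/gidNumber, the risk raised in the comments."""
    return [r for r in rules if re.match(r"\{\d+\}to \*(\s|$)", r) and " by self write" in r]
```

Feed the printed LDIF to the same ldapmodify -Y EXTERNAL -H ldapi:/// -f command; the emitted values are one per line, so no folding is needed.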

Author: Terence

Updated on September 18, 2022

Comments

  • Terence (almost 2 years ago)

    This is a part from olcDatabase={1}hdb.ldif

    olcAccess: {0}to attrs=userPassword,shadowLastChange
     by self write
     by anonymous auth
     by dn="cn=admin,dc=somesite,dc=com" write
     by * none
    olcAccess: {1}to dn.base="" by * read
    olcAccess: {2}to *
     by self write
     by dn="cn=admin,dc=somesite,dc=com" write
     by * read
    

    I would like to append by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write to the {0} and {2} lines.

    Before I destroy my LDAP server, is the following LDIF correct?

    dn: olcDatabase{1}hdb,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to attrs=userPassword,shadowLastChange
            by dn="cn=admin,dc=somesite,dc=com" write
            by dn="uid=anotheruser,ou=Users,dc=somesite,dc=com" write
            by anonymous auth
            by self write
            by * none
    olcAccess: {2}to *
     by self write
     by dn="cn=admin,dc=somesite,dc=com" write
     by dn="cn=anotheruser,ou=Users,dc=somesite,dc=com" write
     by * read
    

    With: ldapmodify -Y EXTERNAL -H ldapi:/// -f ./changes.ldif

    My concerns are:

    • there are 3 olcAccess: lines; I did not include the {1} line, so would it still be there after committing the LDIF changes?
    • is the replace: olcAccess line correct?
  • 84104 (almost 11 years ago)

    Please tell me this isn't managing posixAccount DNs. Allowing such a DN to change its uidNumber and gidNumber to 0 is a serious security problem.
  • Chad Skeeters (about 7 years ago)

    On my machine it was dn: olcDatabase={1}hdb,cn=config with an '=' after olcDatabase.