OpenLDAP: how to add an ACL for cn=config starting from slapd.conf?

0

I usually configure OpenLDAP servers from scratch using slapd.conf and then convert it to LDIF:

slaptest -f /etc/openldap/slapd.conf -F /etc/slapd.d

This works fine, but I want to add an ACL which must result like this in

/etc/slapd.d/cn\=config.ldif

olcAccess: {0}to * by dn.base="cn=Manager,dc=ldap1,dc=server,dc=local" write
olcAccess: {1}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth write by * read

The question is: how to write those ACLs in slapd.conf? I put this:

access to *
        by dn.base="cn=Manager,dc=ldap1,dc=server,dc=local" write
        by * read

but this creates the ACL only in the DB files and not in /etc/slapd.d/cn\=config.ldif.

elbarna

Posted 2016-02-15T02:13:35.227

Reputation: 148

Answers

0

Editing the ACLs in

/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif

gives me the permission to search with ldapsearch.

And this is the correct syntax with the old slapd.conf:

database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

elbarna

Posted 2016-02-15T02:13:35.227

Reputation: 148
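As an added example (not code from the original question or answer), the following POSIX shell script carries the whole procedure through: it writes a slapd.conf whose "database config" section holds the ACL from the answer, converts it with the same slaptest -f/-F command the question uses, and then checks the olcAccess values in the resulting olcDatabase={0}config.ldif. The check unfolds LDIF continuation lines (the " ,cn=auth" fragment in the question is one) and fails when any cn=config ACL grants "*" read or more, because cn=config contains olcRootPW and every other server setting. The schema include path, suffix, rootdn, pid/args file paths and temporary directories are assumptions; the sample LDIF is constructed to look like slaptest output.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumptions: slaptest may or may not be installed; the schema include path,
# suffix, rootdn, pidfile/argsfile and temp directories are constructed placeholders.
set -eu

# Write a minimal slapd.conf whose "database config" section carries the ACL
# from the answer, so that slaptest emits it as olcAccess on olcDatabase={0}config.
write_slapd_conf() {   # $1 = output file
  cat > "$1" <<'EOF'
include /etc/openldap/schema/core.schema
pidfile /tmp/slapd-example.pid
argsfile /tmp/slapd-example.args

# cn=config: only the local root user bound over ldapi:/// (SASL EXTERNAL) may manage it
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

# ordinary data database, with the ACL the question already had
database mdb
suffix "dc=ldap1,dc=server,dc=local"
rootdn "cn=Manager,dc=ldap1,dc=server,dc=local"
directory /tmp/ldap-example-data
access to *
    by dn.base="cn=Manager,dc=ldap1,dc=server,dc=local" write
    by * read
EOF
}

# slapd.conf -> slapd.d conversion, the same command as in the question
convert_to_slapd_d() {   # $1 = slapd.conf, $2 = target slapd.d directory
  mkdir -p "$2" /tmp/ldap-example-data
  slaptest -f "$1" -F "$2"
}

# LDIF folds long values: a line starting with a single space continues the
# previous line (the " ,cn=auth" fragment in the question). Join them first.
unfold_ldif() {   # $1 = LDIF file
  awk '
    /^ /   { line = line substr($0, 2); next }
    NR > 1 { print line }
           { line = $0 }
    END    { print line }
  ' "$1"
}

# Print the olcAccess values of a config-database LDIF, one per line
config_acls() {   # $1 = path to olcDatabase={0}config.ldif
  unfold_ldif "$1" | sed -n 's/^olcAccess: //p'
}

# Succeed only if no cn=config ACL grants "*" (anonymous clients included) read or more.
# cn=config holds olcRootPW and every other setting, so "by * read" there is a leak.
config_acl_is_restricted() {   # $1 = path to olcDatabase={0}config.ldif
  ! config_acls "$1" | grep -Eq 'by \* (read|write|manage)'
}

# Stand-alone demo: first on a constructed LDIF shaped like slaptest output,
# then on a real conversion when slaptest is installed.
demo() {
  work=$(mktemp -d)
  printf '%s\n' \
    'dn: olcDatabase={0}config' \
    'objectClass: olcDatabaseConfig' \
    'olcDatabase: {0}config' \
    'olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external' \
    ' ,cn=auth manage by * none' > "$work/sample-config.ldif"
  echo "constructed sample:"; config_acls "$work/sample-config.ldif"
  config_acl_is_restricted "$work/sample-config.ldif" && echo "OK: cn=config is not readable by *"

  if command -v slaptest >/dev/null 2>&1; then
    write_slapd_conf "$work/slapd.conf"
    if convert_to_slapd_d "$work/slapd.conf" "$work/slapd.d"; then
      f="$work/slapd.d/cn=config/olcDatabase={0}config.ldif"
      echo "from slaptest:"; config_acls "$f"
      config_acl_is_restricted "$f" && echo "OK: converted cn=config ACL is restricted"
    else
      echo "slaptest failed (check the include path in the generated slapd.conf)"
    fi
  else
    echo "slaptest not installed; skipped the slapd.conf -> slapd.d conversion"
  fi
}
demo
```

Run the script as-is to see the check on the constructed sample; on a host with OpenLDAP installed it also performs the conversion and prints the olcAccess values slaptest wrote into olcDatabase={0}config.ldif. The check is deliberately about cn=config only: "by * read" is the normal setting for a data database, as in the question, but on the config database it would hand the entire server configuration to any client that can connect.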