From openldap-technical Thu Nov 30 17:36:55 2023
From: Howard Chu
Date: Thu, 30 Nov 2023 17:36:55 +0000
To: openldap-technical
Subject: Re: solaris client ldap-backend to AD and DSE
Message-Id: <5086f5ae-d6fd-8e18-2ffb-bb18d82bb424 () symas ! com>
X-MARC-Message: https://marc.info/?l=openldap-technical&m=170136580531702

Craig H Silva (Cenitex) wrote:
> from config:
>
> # {1}ldap, config
> dn: olcDatabase={1}ldap,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {1}ldap
> olcSuffix: dc=myorg,dc=lcl
> olcAccess: {0}to dn.base="" by * read
> olcAccess: {1}to dn.base="cn=Schema" by * read
> olcAccess: {2}to dn.base="cn=Subschema" by * read

The above 3 ACLs are useless since none of them reside under the olcSuffix namespace.

> olcAccess: {3}to * by self read by users read by anonymous auth
> olcAddContentAcl: FALSE
> olcLastMod: FALSE
> olcMaxDerefDepth: 15
> olcReadOnly: TRUE
> olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> olcSyncUseSubentry: FALSE
> olcMonitoring: FALSE
> olcDbURI: "ldaps://myorgdevad.myorgdev.lcl:636"
>
> Any guidance appreciated - logs available on request.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
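
An added example, not part of the original message and not OpenLDAP code: a small audit that flags olcAccess rules whose literal dn target lies outside the database's olcSuffix, which is the condition pointed out in the reply above. The sample values are copied from the quoted config; the function names are hypothetical, and dn.regex, filter= and attrs= targets are reported as unchecked rather than analysed.

```python
import re

# Constructed sample: the olcSuffix and olcAccess values quoted in the message.
SUFFIXES = ["dc=myorg,dc=lcl"]
ACLS = [
    '{0}to dn.base="" by * read',
    '{1}to dn.base="cn=Schema" by * read',
    '{2}to dn.base="cn=Subschema" by * read',
    '{3}to * by self read by users read by anonymous auth',
]

# Matches the <what> clause: either "*" or dn[.style]="pattern".
WHAT = re.compile(r'^(?:\{\d+\})?\s*to\s+(?:(\*)|dn(?:\.(\w+))?="([^"]*)")', re.I)

def rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts = re.split(r'(?<!\\),', dn)
    return [re.sub(r'\s*=\s*', '=', p.strip().lower()) for p in parts if p.strip()]

def in_suffix(dn, suffix):
    """True if dn equals suffix or lies beneath it (empty suffix holds everything)."""
    d, s = rdns(dn), rdns(suffix)
    return len(s) == 0 or d[-len(s):] == s

def classify(acl, suffixes):
    """Return 'applies', 'outside-suffix' or 'unchecked' for one olcAccess value."""
    m = WHAT.match(acl)
    if not m:
        return "unchecked"        # filter=/attrs=-only targets: not analysed here
    star, style, pattern = m.groups()
    if star:
        return "applies"          # "to *" covers every entry the database holds
    if (style or "").lower() == "regex":
        return "unchecked"        # pattern is not a literal DN
    ok = any(in_suffix(pattern, s) for s in suffixes)
    return "applies" if ok else "outside-suffix"

def audit(acls, suffixes):
    """Classify every olcAccess value of one database against its suffixes."""
    return [(a, classify(a, suffixes)) for a in acls]

if __name__ == "__main__":
    for acl, verdict in audit(ACLS, SUFFIXES):
        print(f"{verdict:15} {acl}")
```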