On Wed, 20 Sep 2017 14:20:54 -0400 (EDT), Robert Heller <hel...@deepsoft.com> wrote:

> At Wed, 20 Sep 2017 19:30:17 +0200 Dieter Klünter
> <die...@dkluenter.de> wrote:
>
> > On Wed, 20 Sep 2017 12:32:37 -0400 (EDT),
> > Robert Heller <hel...@deepsoft.com> wrote:
> >
> > > OK, I fixed the ACLs (I think), but it is still not working. I
> > > turned on verbose debugging for sssd[pam] and moderate debugging
> > > for slapd.
> > >
> > > Here are my ACLs
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}hdb.ldif:
> > >
> > > olcAccess: {0}to attrs=userPassword
> > > by self write
> > > by anonymous auth
> > > by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> > > by * none
> > > olcAccess: {1}to *
> > > by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
> > > by * read
> > >
> > > There are also these olcAccess entries:
> > >
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={0}config.ldif:
> > >
> > > olcAccess: {0}to * by
> > > dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> > > manage by * none
> > >
> > > and
> > > in /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif:
> > >
> > > olcAccess: {0}to * by
> > > dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> > > read by dn.base="cn=Manager,dc=deepsoft,dc=com" read by *
> > > none
> > [...]
> >
> > You may run slapd in debugging mode 128.
>
> How do I do that using the "new" configuration method in
> /etc/openldap/slapd.d?
>
> I added:
>
> logLevel: 128
>
> to the end of /etc/openldap/slapd.d/cn=config.ldif
>
> But it does not like it:

[...]

man slapd(8),
$(EXECDIR)/slapd -h ldap:/// -F $(CONFIGDIR)/slapd.d -u $USER -g $GROUP -d 128

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
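
The olcAccess rules quoted in this thread, unfolded from LDIF and evaluated with a simplified first-match model, as an added example that is not part of the original message or of OpenLDAP. `parse_acls` and `access_for` are hypothetical helper names, the LDIF layout is reconstructed for the example, and only `*` and `attrs=` targets with exact DN matching are modelled (an assumption, not slapd's full semantics).

```python
import re
import shlex

# ACLs quoted in the thread, laid out as LDIF for this example. A leading space
# marks a folded line (RFC 2849); a second space, if present, belongs to the value.
HDB_LDIF = """\
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
  by * none
olcAccess: {1}to *
  by dn=uid=heller,ou=People,dc=deepsoft,dc=com write
  by * read
"""
CONFIG_LDIF = ('olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern\n'
               ' al,cn=auth" manage by * none\n')

def parse_acls(ldif):
    """Unfold LDIF and return [(what, [(who, access), ...])] ordered by {n}."""
    rules = []
    for line in ldif.replace("\n ", "").splitlines():   # undo line folding
        m = re.match(r"olcAccess: \{(\d+)\}to (\S+)(.*)", line)
        if m:
            tok = shlex.split(m.group(3))               # also strips DN quotes
            by = [(tok[i + 1], tok[i + 2]) for i, t in enumerate(tok) if t == "by"]
            rules.append((int(m.group(1)), m.group(2), by))
    return [(what, by) for _, what, by in sorted(rules)]

def access_for(rules, bound_dn, entry_dn, attr):
    """Simplified model: first matching 'to' rule, then its first matching 'by'.
    Handles only '*' and 'attrs=' targets and treats dn=/dn.base= as exact match."""
    me = bound_dn.lower() if bound_dn else None         # None means anonymous
    for what, clauses in rules:
        if what != "*" and attr.lower() not in what.lower().split("=", 1)[1].split(","):
            continue
        for who, access in clauses:
            who_dn = who.split("=", 1)[1].lower() if who.startswith("dn") else None
            if (who == "*" or (who == "anonymous" and me is None)
                    or (who == "self" and me == entry_dn.lower())
                    or (who_dn is not None and me == who_dn)):
                return access
        return "none"    # rule applied but no clause matched: implicit "by * none"
    return "none"        # no rule applied: implicit deny at the end of the list
```

Running slapd with `-d 128`, as suggested in the reply, traces the real evaluation and is the authority where this model and the server disagree.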