On 25/10/2025 at 04:45, [email protected] wrote:
OS: Debian 13 Running in an LXC on Proxmox VE 9.0.10
OpenLDAP Ver:
@(#) $OpenLDAP: slapd 2.6.10+dfsg-1 (May 29 2025 23:41:48) $
Debian OpenLDAP Maintainers
<[email protected]>
Current mdb ACL (playing around with ACLs to get this to work):
# {1}mdb, config
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage
olcAccess: {1}to * by dn.exact="cn=admin,dc=ahmza,dc=com" manage
olcAccess: {2}to attrs=userPassword by anonymous auth by self auth
olcAccess: {3}to * by * none
...
Oct 25 02:30:35 ldap slapd[460]: => slap_access_allowed: auth access denied by =0
...
The ACLs should be:
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * break
olcAccess: {1}to * by dn.exact="cn=admin,dc=ahmza,dc=com" manage by * break
olcAccess: {2}to attrs=userPassword by anonymous auth by * break
olcAccess: {3}to * by * none
The first two could be merged into a single one.
--
Clément Oudot | Identity Solutions Manager
Worteks | https://www.worteks.com
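
Why the `by * break` clauses in the reply above change the outcome, as an added sketch that is not part of the original messages and is not OpenLDAP code: a simplified Python model of slapd rule evaluation (first matching `to`, then first matching `by`, with the implicit `by * none stop` that ends every rule). The function names and the rule encoding are assumptions made for illustration; only the two ACL sets come from the thread.

```python
# Simplified model of slapd ACL evaluation (assumption: only what this thread needs).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
ADMIN = "cn=admin,dc=ahmza,dc=com"

# Each rule: (what, [(who, level, control), ...]); "what" is "*" or an attribute name.
ORIGINAL = [
    ("*", [(ROOT, "manage", "stop")]),
    ("*", [(ADMIN, "manage", "stop")]),
    ("userPassword", [("anonymous", "auth", "stop"), ("self", "auth", "stop")]),
    ("*", [("*", "none", "stop")]),
]
CORRECTED = [
    ("*", [(ROOT, "manage", "stop"), ("*", None, "break")]),
    ("*", [(ADMIN, "manage", "stop"), ("*", None, "break")]),
    ("userPassword", [("anonymous", "auth", "stop"), ("*", None, "break")]),
    ("*", [("*", "none", "stop")]),
]

def who_matches(who, bind_dn, entry_dn):
    """Match a <who> clause; bind_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return bind_dn == who  # dn.exact comparison

def allowed(acl, bind_dn, entry_dn, attr, wanted):
    """Return (granted, index of the olcAccess rule that decided)."""
    for idx, (what, bys) in enumerate(acl):
        if what not in ("*", attr):
            continue
        # Every rule ends with an implicit "by * none stop".
        for who, level, control in bys + [("*", "none", "stop")]:
            if not who_matches(who, bind_dn, entry_dn):
                continue
            if control == "break":
                break  # fall through to the next olcAccess rule
            return LEVELS.index(level) >= LEVELS.index(wanted), idx
    return False, None  # nothing matched: default deny
```

With the original rules an anonymous bind never reaches `{2}`: rule `{0}` matches every target, the only `by` clause does not match, and the implicit `by * none stop` ends evaluation there.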