[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: openldap acl question

On Fri, Dec 10, 2004 at 01:23:14PM -0600, bob@evilkat.com wrote:
> The end result is that the machine and admin accounts can see the right 
> structure but when I click on a user account with gq it errors out badly 
> with a complaint about not being able to contact the schema server. Also
> doing ldapsearch's nothing is returned.  I believe I need an acl to allow
> for those accounts to see the schema behind the entries.  Any help or 
> comments on this would be greatly appreciated. 

well i still would appreciate any comments on my acl design or thoughts on 
ways to make it better but with a slight change I now have results out of
ldapsearch using the admin and machine accounts.  I was missing a break 
statement on the end of each rule that governed the users attributes.  I 
believe that it was stopping with the entry match and not showing any 
attributes to the client (so it couldn't match cn=* or any other search).
Gq still dies miserably on a schema error so it's less than helpful.  Any
thoughts are appreciated.


To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.