Hello, group:
I'm attempting to set up slapd on Debian for basic refreshOnly replication. I've added a specific user for replication, and now I want to add a ACL so that this user has full read privileges .
I've added the following to my etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif:
PHP Code:
olcAccess: {0}to * by dn="cn=repluser,ou=replication,dc=mydomain,dc=com" read break
However this breaks logins by all but the master admin user. With this line set slapd rejects the password for both repluser and normal users. I've tried with and without the break (though based on my understanding the break is required) and I receive "ldap_bind: Invalid credentials (49)" with both combinations.
Here is my olc for this db:
PHP Code:
# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=mydomain,dc=com
olcAccess: {0}to * by dn="cn=repluser,ou=replication,dc=mydomain,dc=com" read bre
ak
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anon
ymous auth by dn="cn=admin,dc=mydomain,dc=com" write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=admin,dc=mydomain,dc=com" write
by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=mydomain,dc=com
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
Can someone please advise? I don't understand why this breaks logins completely. Thank you.
