On 12/2/18 7:45 PM, Alistair Cunningham wrote:
This is all done and working. In the end, the changes I needed were:
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
dn: dc=example,dc=com
changetype: modify
delete: aci
aci: (targetattr!="userPassword || aci")(version 3.0; acl "Enable
anonymous access"; allow (read, search, compare)
userdn="ldap:///anyone";;)
dn: dc=example,dc=com
changetype: modify
add: aci
aci:
(target="ldap:///($dn),dc=example,dc=com")(targetattr!="userPassword
|| aci")(version 3.0;acl "aci";allow (read,search)
userdn="ldap:///cn=*,[$dn],dc=example,dc=com";;)
This page was also useful:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/managing_access_control-advanced_access_control_using_macro_acis
Many thanks to Olivier Judith, Mark Raynolds, and Ludwig Krispenz for
their help!
Glad you got working, and glad Ludwig mentioned macro aci's (these are
often overlooked)!
Best Regards,
Mark
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
