[Samba] "ldap passwd sync" not working - SOLVED

Guenther Deschner gd at samba.org
Sat Feb 5 20:33:29 GMT 2005


Hi,

On Sat, Feb 05, 2005 at 11:33:39PM +0300, Alexander Zubkov wrote:
> Yeah! I did it, thanks to all who helped.
> Searching for "rootDSE" on the Internet showed that it is exported by the LDAP 
> server like other data (in plain words), so access control is applied to 
> it too. And my hands ( lame ;) ) wrote at the end of slapd.conf:
> access dn=".*,dc=domain,dc=my" by * read
> But rootDSE is, of course, not a subtree of this! And LDAP, honestly, denied 
> access to it. So the solution was:
> access to * by * read



It is much better to set 

	access to dn.base="" by * read

to avoid opening a potential security gap. The above ACL only allows
world-read access to the root-dse and not to all other non-matched content
of your entire DIT.

Thanks,

Guenther

-- 
Guenther Deschner                                               Samba Team
SerNet GmbH - Goettingen                                      gd at samba.org
gd at sernet.de
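
The two ACLs from this thread side by side in a slapd.conf fragment, as an added example that is not part of the original messages. The suffix dc=domain,dc=my is the one quoted above; the password-attribute rule and the subtree rule are assumptions about a typical Samba LDAP backend, not settings posted by either author.

```conf
# slapd.conf ACL fragment (added example, constructed for illustration).
# slapd checks "access to" clauses top to bottom and stops at the first
# one whose target matches the entry; within it, the first matching "by"
# wins and every clause ends with an implicit "by * none".

# WEAK (the fix from the quoted message): placed last, it matches every
# entry and attribute that no earlier clause matched and grants
# anonymous read to all of it.
#access to * by * read

# NARROW (the ACL suggested in the reply): dn.base="" matches only the
# zero-length DN, i.e. the rootDSE, so anonymous clients can read
# namingContexts, supported controls and SASL mechanisms and nothing else.
access to dn.base=""
        by * read

# Assumption: password material is protected before any broader rule.
# The rootdn bypasses ACLs, so a Samba admin DN configured as rootdn
# can still write these attributes.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by * none

# Assumption: the rest of the tree is readable by authenticated users
# only. Entries matched by no clause at all are denied.
access to dn.subtree="dc=domain,dc=my"
        by users read
        by * none
```

An anonymous base-scope search on the empty DN should return the rootDSE with this fragment loaded, while an anonymous subtree search under dc=domain,dc=my should return no entries.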