docker-openldap
Unable to search as an ordinary user.
Hi, I can search as an admin user exactly as expected, but I get nothing when trying to search as a normal user. This isn't the standard behavior for OpenLDAP.
The command I'm using to search is:
'''
ldapsearch -WZx -D "cn=admin,dc=
I'd like all non-admin users to be able to search, just not write. How do I change this? Thanks.
Hi,
You can find the ACL which prevents non-admin users from reading any entries other than their own here: image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif.
You will have to modify/replace these ACL(s) according to your needs, either on first start or after that, e.g. by using ldapmodify. For the latter, create an LDIF file, e.g. my-new-acls.ldif, copy in the contents of the original 02-security.ldif, make your changes and then use:
$ ldapmodify -WZx -D "cn=admin,cn=config" -H ldap://127.0.0.1 -f my-new-acls.ldif
(You will have to use the config admin with its LDAP_CONFIG_PASSWORD for this to work.)
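What a my-new-acls.ldif granting read-only search to every authenticated user could look like, as an added example that is not part of the original reply or the project's own files. The database DN `olcDatabase={1}mdb,cn=config` and the base DN `dc=example,dc=org` are assumptions; substitute the values from your own deployment.

```ldif
# Added example. Assumed values: database DN olcDatabase={1}mdb,cn=config
# and base DN dc=example,dc=org. Replace both with your own.
#
# Rule {0}: password attributes stay unreadable. The owner and the admin may
#           write them, anonymous clients may only use them to bind.
# Rule {1}: every other attribute is writable by the admin, readable by any
#           authenticated user ("users"), and invisible to anonymous clients.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by dn="cn=admin,dc=example,dc=org" write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by dn="cn=admin,dc=example,dc=org" write
  by users read
  by * none
```

After loading it with the ldapmodify command above, confirm the result by searching once as a normal user (entries should be returned, without userPassword) and once anonymously (nothing should be returned).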
This information would be awesome in the readme.
I have replaced the 02-security.ldif to not apply the ACL and I still have the (32) response.
Can you show your ACL?
If you have already set up your server, use the steps I mentioned in https://github.com/osixia/docker-openldap/issues/134#issuecomment-1178447304; otherwise, use the ACL there for your initial config as mentioned earlier.