in order to grant read-only access to cn=config to a user or anyone you have to add following ACI (mostly it not recommended for anyone to have access at cn=config but in few cases you need to have anyone or user to have read only access to cn=config in order to read some vales)
use below command or add this ACI directly thru console
ldapmodify -D "cn=Directory Manager" -w <password> -p 389
dn: cn=config
changetype: modify
add: aci
aci: (target ="ldap:///cn=config*")(targetattr != "aci || connection")(versio
n 3.0; acl "config"; allow( read, search, compare ) userdn = "ldap:///anyon
e";)
use below command or add this ACI directly thru console
ldapmodify -D "cn=Directory Manager" -w <password> -p 389
dn: cn=config
changetype: modify
add: aci
aci: (target ="ldap:///cn=config*")(targetattr != "aci || connection")(versio
n 3.0; acl "config"; allow( read, search, compare ) userdn = "ldap:///anyon
e";)
No comments:
Post a Comment