iulian roman via FreeIPA-users wrote:
Hello,
I tried to grant read/search access to a specific subtree in IPA for anonymous bind. The
ipa permission-add command completed successfully, but when I try ldapsearch it does not
display any objects.
ipa permission-show 'read oracle context'
Permission name: read oracle context
Granted rights: read, search, compare
Bind rule type: anonymous
Subtree: cn=OracleContext,dc=ipadev,dc=example,dc=com
Target DN: cn=*,cn=OracleContext,dc=ipadev,dc=example,dc=com
Permission flags: SYSTEM, V2
ldapsearch -h ipadevserver -p 389 -x -b "cn=OracleContext,dc=ipadev,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <cn=OracleContext,dc=ipadev,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
Any idea what is wrong or what I need to change?
It's not possible to say without seeing what the entries in
cn=OracleContext,dc=ipadev,dc=example,dc=com look like. Do they all have
cn defined?
You might also consider using --filter instead of --target.
rob