ldap_server: Allow everyone to read root object

2025-02-02 15:21:59 +00:00 · 2025-02-02 15:21:59 +00:00 · 1ae9d88346
commit 1ae9d88346
parent b3ebfa71e7
1 changed files with 4 additions and 0 deletions
--- a/roles/ldap_server/templates/slapd.conf.j2
+++ b/roles/ldap_server/templates/slapd.conf.j2
@ -139,6 +139,10 @@ authz-regexp
    "uid=([^.]\+),cn=login,cn=auth"
    "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"

+# allow everyone to read root object
+access to dn.base={{ ldap_basedn }}
+    by * read
+
 # require authentication for authenticated users that don't match above
 access to *
    by dn.children="cn=peercred,cn=external,cn=auth" auth