From 1ae9d88346021914681c3d41e3cde2c8cbd8d342 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sun, 2 Feb 2025 15:21:59 +0000
Subject: [PATCH] ldap_server: Allow everyone to read root object

---
 roles/ldap_server/templates/slapd.conf.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/ldap_server/templates/slapd.conf.j2 b/roles/ldap_server/templates/slapd.conf.j2
index 7ec559c..98efbea 100644
--- a/roles/ldap_server/templates/slapd.conf.j2
+++ b/roles/ldap_server/templates/slapd.conf.j2
@@ -139,6 +139,10 @@ authz-regexp
 	"uid=([^.]\+),cn=login,cn=auth"
 	"ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
 
+# allow everyone to read root object
+access to dn.base={{ ldap_basedn }}
+	by * read
+
 # require authentication for authenticated users that don't match above
 access to *
 	by dn.children="cn=peercred,cn=external,cn=auth" auth
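Review bot: The new `access to dn.base={{ ldap_basedn }}` / `by * read` rule grants every attribute of the base entry to any client, including anonymous binds, since `*` matches unauthenticated sessions and `read` implies search/compare/auth; if the goal is only to let clients discover the naming context, scope the grant to what that needs, e.g. `access to dn.base="{{ ldap_basedn }}" attrs=entry,objectClass by * read`, so that any other attributes later added to the base entry (description, contact data, custom schema) stay behind the default rule. The DN pattern is also unquoted, which works for a plain `dc=...,dc=...` value but breaks slapd.conf tokenising if `ldap_basedn` ever contains whitespace (`o=Example Org`); quoting it as `dn.base="{{ ldap_basedn }}"` matches the quoted style of the `by dn.children=...` clause below and costs nothing. The ordering is correct for OpenLDAP's first-match evaluation (the base rule precedes `access to *`), but the `access to *` directive it sits in front of appears to continue past the end of this hunk, so its remaining `by` clauses were not reviewed here.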