Hi sergiohnj,
Quote Originally Posted by sergiohnj View Post
Im working with SLES 11.1 and OpenLDAP 2.4.20.

In Yast Im trying configure "Access Control Configuration" but it doesnt work. I have to deploy 2 conditions: cn=userproxy,dc=users,dc=tree access read only over subtree dc=container,dc=tree and cn=admin,dc=users,dc=tree all access on all entries.

Over the rule "special access rules first, generic access rules last" i was set:

On "All entries", The user with the DN cn=admin,dc=users,dc=tree Manage (full), and "Stop Access Control evaluation here"
On "All Entries in the subtree" dc=container,dc=tree , The user with the DN cn=userproxy,dc=users,dc=tree read , and "Stop Access Control evaluation here"
All entries everybody read all attributes, "Stop Access Control evaluation here".

I could not find documentation on Access Control Configuration through YAST. Do you know where to get some information?

one way to check would be to look at what YaST put into /etc/openldap/slapd.conf and compare that to the OpenLDAP documentation.

Since SLES11SP1 is out of support (unless you have some special support contract), you might consider upgrading to a newer level (i.e. SP3). Depending on your use, I recall that the shipped OpenLDAP version had serious issues, especially in the area of replication.