I'm having some difficulty configuring my LDAP ACL with pam_ldap and nss_ldap.
My goal is to allow access to the LDAP directory only to authentication processes and managers. In other words I want to prohibit read access to the world while allowing authentication access and read/write access to certain manager accounts.
However, any time I try to limit read access, the authentication processes stop working.
My only ACL at present is in slapd.conf:

    access to dn=".*,dc=mysite,dc=com"
        by * read
        by * auth
and my nsswitch.conf has the following:

    passwd: ldap files
    shadow: ldap files
    group:  ldap files
As I said, I've tried many different configurations but can't avoid the * read access permission.
Thanks for any help with this issue.
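The following is an added example of the kind of ACL that achieves what the post asks for; it is not the poster's configuration. It assumes OpenLDAP slapd.conf syntax, a manager account cn=Manager,dc=mysite,dc=com, and a dedicated low-privilege bind account cn=nssproxy,dc=mysite,dc=com (both names are assumptions). Two points drive the design: slapd evaluates the `by` clauses of a rule in order and stops at the first that matches, so in the posted rule `by * read` is always hit and `by * auth` is never reached; and nss_ldap needs to read account entries, which it can only do without world read if it binds as a service account.

```conf
# /etc/openldap/slapd.conf -- example ACLs (added illustration, not the poster's file)
# Rules are tried top to bottom; the first "access to" whose target matches wins,
# and within it the first matching "by" clause wins. Most specific targets first.

# 1. Password hashes: nobody reads them. Anonymous clients may only use the
#    attribute to bind (auth), the user may change their own, the manager may write.
access to attrs=userPassword
    by dn.exact="cn=Manager,dc=mysite,dc=com" write
    by self write
    by anonymous auth
    by * none

# 2. Everything else under the suffix: readable only by the manager (who may also
#    write) and by the service account that nss_ldap/pam_ldap bind as.
#    Anonymous gets "auth" only, which is enough to perform a simple bind but
#    not enough to search or read entries.
access to dn.subtree="dc=mysite,dc=com"
    by dn.exact="cn=Manager,dc=mysite,dc=com" write
    by dn.exact="cn=nssproxy,dc=mysite,dc=com" read
    by anonymous auth
    by * none

# 3. Default for anything outside the suffix (assumed to be nothing of interest).
access to *
    by * none
```

For this to work, the client side must stop relying on anonymous reads: in the nss_ldap/pam_ldap ldap.conf set `binddn cn=nssproxy,dc=mysite,dc=com` and `bindpw <placeholder-secret>` (file readable only by root; if unprivileged processes must resolve names too, keep the proxy password in that file rather than granting anonymous read). Then verify with two searches: `ldapsearch -x -b dc=mysite,dc=com uid=someuser` run anonymously should return no entries, while the same search with `-D cn=nssproxy,dc=mysite,dc=com -W` should return the account, and a simple bind as a regular user should still succeed even though that user cannot read the directory. Rule 1 also enforces a useful invariant: even the nssproxy account cannot read userPassword, so compromising that account does not leak hashes. If you serve the shadow map from LDAP, the shadow* attributes fall under rule 2 and remain readable by the proxy, which is what nss_ldap needs.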