Re: ACL for adding subtree
At 02:50 PM 8/6/99 -0500, ramana.ramachandran@wcom.com wrote:
>hi
>After many tries, I am still unable to add entries beneath the bind
>entry. Here is the acl and the ldif. While I understand the ACL stuff,
>implementing an access scheme has been a hair tearing experience.
>
>I am able to bind to "uid=ramana,ou=CS,o=IISc,c=IN" but when I try to
>add an address object underneath it I get
>
>$ ldapadd -W -D"uid=ramana, ou=CS, o=IISc, c=IN" -f address.ldif
>Enter LDAP Password:
>adding new entry cn=Address, uid=ramana, ou=CS, o=IISc, c=IN
>ldap_add: Insufficient access
Did you grant "uid=ramana, ou=CS, o=IISc, c=IN" write permission
to "uid=ramana, ou=CS, o=IISc, c=IN" entry's "children"?
># subtree write (if DN fits within naming)
># other dn's, read
># default none
>access to
>dn="^.+,([:alnum:]+=[:alnum:]+,[:alnum:]+=[:alnum:]+,o=IISc,c=IN)$"
> by dn="$1" write
> by dn=".*,o=IISc,c=IN" read
> by * none
This doesn't grant the required permission.
>=> access_allowed: exit (uid=ramana, ou=CS, o=IISc, c=IN) attr
>(children)
>no access to parent
Apparently none of your ACLs do.
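The following is an added illustration, not part of the original message and not slapd's own code. It models only the single ACL quoted above to show which entries its target regex covers. Assumptions: `[:alnum:]` is read as the intended alphanumeric class, DNs are compared with spaces removed and case ignored, entries the ACL does not match fall back to the poster's stated default of none, and the function names are hypothetical.

```python
import re

# ACL target from the post, with [:alnum:] read as the intended
# alphanumeric class (assumption) and DNs compared without spaces.
ALNUM = "[A-Za-z0-9]+"
TARGET = re.compile(
    rf"^.+,({ALNUM}={ALNUM},{ALNUM}={ALNUM},o=IISc,c=IN)$", re.IGNORECASE)
ORG = re.compile(r".*,o=IISc,c=IN", re.IGNORECASE)  # by dn=".*,o=IISc,c=IN"

def norm(dn):
    """Drop whitespace around RDN separators (simplified normalization)."""
    return ",".join(part.strip() for part in dn.split(","))

def access(requester, entry):
    """Access the quoted ACL gives `requester` on `entry` (simplified model).

    An entry the target regex does not match is not covered by this ACL;
    the model then falls back to the poster's stated default, none.
    """
    requester, entry = norm(requester), norm(entry)
    m = TARGET.match(entry)
    if m is None:
        return "none"                       # ACL does not apply to this entry
    if requester.lower() == m.group(1).lower():
        return "write"                      # by dn="$1" write
    if ORG.match(requester):
        return "read"                       # by dn=".*,o=IISc,c=IN" read
    return "none"                           # by * none

def can_add(requester, new_dn):
    """Adding needs write on the parent entry's "children", per the reply."""
    parent = norm(new_dn).split(",", 1)[1]
    return access(requester, parent) == "write"

# DNs taken from the ldapadd session quoted in the message.
BIND = "uid=ramana, ou=CS, o=IISc, c=IN"
NEW = "cn=Address, uid=ramana, ou=CS, o=IISc, c=IN"

if __name__ == "__main__":
    print("access on new entry's DN:", access(BIND, NEW))
    print("access on parent entry:  ", access(BIND, BIND))
    print("add allowed:             ", can_add(BIND, NEW))
```

The target regex requires at least one RDN in front of the captured DN, so it covers entries below the bind entry but never the bind entry itself, which is where the "children" check is made.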