
ACL query : write by self without passwords ?



With respect to ACLs, what defines the 'self' category? I was assuming
that this was a matching dn, but is there something more subtle
involving authentication of passwords?

I have a simple directory which contains entries corresponding to server
processes. I created a new object type which has a couple of attributes,
but I didn't associate a password attribute with the class. When a
process starts up, I want it to look up its own entry in the directory,
and update attributes which differ from its current state.

I have a person object for root in the directory, and when I bind as
root I can do the modify OK, as expected. This proves that the input
file is valid too. But when I try and bind as one of the entries I get -

 ldapmodify -D "cn=xxxyy,dc=servers" -r -f /tmp/modf
modifying entry cn=xxxyy,dc=servers
ldap_modify: Insufficient access

Does this mean I have to amend my object definition to have a password
attribute just to jump through an authentication hoop somewhere and
allow the modify?

My slapd config for the directory is

database        ldbm
suffix          "dc=servers"
rootdn          "cn=mechanik, dc=servers"
rootpw          secret
#rootpw         {md5}5Gq1w8ohXqgQp6NumIwz3g==
directory       /export/tools/nippn/machines
access to *
        by self write
        by * read


Oh yeah, just pasting this in here made me think of another question.
How do you change the rootpw once the database is created? I flipped
over the entries above but that changes nothing. Do I need to do a
ldapmodify of rootpw when bound as root?

thanks


Tim
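
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of evaluating the `access to *` directive quoted above. It assumes a simple bind that supplies a DN but no password is treated as anonymous, so `by self` matches only after an authenticated bind; the `cn=withpw` entry and its password are constructed for illustration.

```python
from typing import Optional

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed directory: the post's entry (no userPassword) and one with a password.
DIRECTORY = {
    "cn=xxxyy,dc=servers": {"cn": "xxxyy"},
    "cn=withpw,dc=servers": {"cn": "withpw", "userPassword": "s3cret"},
}

# The access directive from the slapd config in the post.
ACL_TEXT = """access to *
        by self write
        by * read"""

def parse_acl(text):
    """Return [(who, level), ...] for a single 'access to *' directive."""
    tokens = text.split()
    assert tokens[:3] == ["access", "to", "*"]
    rest = tokens[3:]
    return [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest), 3)]

def simple_bind(dn: str, password: str) -> Optional[str]:
    """Return the authenticated identity, or None for an anonymous session."""
    if not password:
        return None  # DN without a password: the session stays anonymous
    entry = DIRECTORY.get(dn)
    # Plain comparison is a model shortcut; real entries hold hashed values.
    if entry is None or entry.get("userPassword") != password:
        raise PermissionError("Invalid credentials")
    return dn

def granted_level(identity, target_dn, rules):
    """The first matching 'by' clause decides the access level."""
    for who, level in rules:
        # DN matching is reduced to a case-insensitive compare in this model.
        if who == "self" and identity and identity.lower() == target_dn.lower():
            return level
        if who == "*":
            return level
    return "none"

def can_modify(bind_dn, password, target_dn):
    identity = simple_bind(bind_dn, password)
    level = granted_level(identity, target_dn, parse_acl(ACL_TEXT))
    return LEVELS.index(level) >= LEVELS.index("write")

if __name__ == "__main__":
    dn = "cn=xxxyy,dc=servers"
    print("bind without password, modify own entry:", can_modify(dn, "", dn))
```

In this model the passwordless bind falls through to `by * read`, which corresponds to the "Insufficient access" result shown in the post.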