ACL query : write by self without passwords ?
With respect to ACLs, what defines the 'self' category? I was assuming that this was a matching dn, but is there something more subtle involving authentication of passwords?
I have a simple directory which contains entries corresponding to server processes. I created a new object type which has a couple of attributes, but I didn't associate a password attribute with the class. When a process starts up, I want it to look up its own entry in the directory, and update attributes which differ from its current state.
I have a person object for root in the directory, and when I bind as root I can do the modify OK, as expected. This proves that the input file is valid too.
But when I try and bind as one of the entries I get -
ldapmodify -D "cn=xxxyy,dc=servers" -r -f /tmp/modf
modifying entry cn=xxxyy,dc=servers
ldap_modify: Insufficient access
Does this mean I have to amend my object definition to have a password attribute just to jump through an authentication hoop somewhere and allow the modify?
My slapd config for the directory is
database ldbm
suffix "dc=servers"
rootdn "cn=mechanik, dc=servers"
rootpw secret
#rootpw {md5}5Gq1w8ohXqgQp6NumIwz3g==
directory /export/tools/nippn/machines
access to *
    by self write
    by * read
Oh yeah, just pasting this in here made me think of another question. How do you change the rootpw once the database is created? I flipped over the entries above but that changes nothing. Do I need to do a ldapmodify of rootpw when bound as root?
thanks
Tim