using ldapmodify and simple authentication
Hello.
Am I correct in understanding that using Simple Authentication with
"ldapmodify" requires that I use a "uid=nnn" struct in the DN of those users
I wish to have the ability to bind with authentication?
Can I get clarity? I'm using "ldapmodify" as such:
cat <<- !! > /tmp/input.$$
dn: uid=mr501,ou=Members,o=MedRepublic,c=US
add: foo
foo: Hello
!!
ldapmodify -v \
-f /tmp/input.$$ \
-h develop.medrepublic.com \
-W \
-D "uid=mr501,ou=Members,o=MedRepublic,c=US"
With the appropriate ACL definition in the /etc/slapd.conf file, this
works just fine. However, if I store my entities with a DN that does
not contain a "uid=nnn" pattern, I cannot get this to work. I get:
ldap_modify: Insufficient access
Demonstration of the problem:
1) I created an entry with a DN of: "dn: foo=mr501,ou=Members,o=MedRepublic,c=US".
This entry is exactly the same as the DN using "uid=mr501" that works above, with
only the "uid=" changed to "foo=".
2) I modified the following in my /etc/slapd.conf file and reset the
slapd daemon:
access to dn=".*,ou=Members,o=MedRepublic,c=US" by dn="foo=mr501,ou=Members,o=MedRepublic,c=US" write
3) I execute the "ldapmodify" command as such:
ldapmodify -v \
-f /tmp/input.$$ \
-h develop.medrepublic.com \
-W \
-D "foo=mr501,ou=Members,o=MedRepublic,c=US"
4) Upon entering the password, I get the "ldap_modify: Insufficient access"
message.
Can anyone identify what I'm overlooking? Am I misinterpreting the
intended implementation of the OpenLDAP Simple authentication model?
--
Frank Koenen
Director of Technical Services
Monet Technologies Inc.
Email: fkoenen@virtualmonet.com Voice: 1-312-372-7500 x204 Fax: 1-312-372-6020
Visit us on the web: WWW.VIRTUALMONET.COM