I have LDAP up and running and thought I understood how it was all working,
but access control has me stumped. All I want to do is lock down the information
so that users can only edit their own records. Later it would be handy to
have different people being able to see different aspects, i.e. outside Cranfield
would only get name and e-mail. However, I can't seem to make it work.
If I try to modify my record (ldif file):

dn: cn=paul d , o=cranfield, c=uk
cn: paul d
sn: burnet
objectclass: person
givenname: jase
userPassword:

data to change the givenname, using

ldapmodify -b -r -D "cn=paul, o=cranfield, c=uk" -w password -f /usr/local/myldif

I get insufficient access problems.
Where am I going wrong? There just seems to be no information out there
on access control.
My slapd.conf is below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.oc.conf
schemacheck     off
#referral       ldap://root.openldap.org/
pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "o=cranfield,c=uk"
rootdn          "cn=Manager,o=cranfield,c=uk"
rootpw          password
#ro
# cleartext passwords, especially for the rootdn, should
# be avoided. See slapd.conf(5) for details.
directory       /usr/tmp
defaultaccess   read
access to *
        by self write
Thanks for any help,
paul
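Added example (not from the post above): how the two requirements in the post, owners edit only their own entry and outsiders see only name and e-mail, can be written as slapd.conf access directives. It uses OpenLDAP 2.x ACL syntax (attrs=, dn.subtree=, the entry pseudo-attribute, no defaultaccess), which differs from the 1.x-style file in the post; the suffix is the post's, while the attribute names mail and givenName and the idea of treating "inside Cranfield" as any DN under the suffix are assumptions. Two checks come before any ACL change: "by self" only matches when the DN you bind with is exactly the DN of the entry being modified (the post binds as cn=paul,... but the entry is cn=paul d,...), and the rootdn bypasses ACLs entirely, so a test run as Manager says nothing about the rules.

```conf
# slapd.conf ACL fragment, OpenLDAP 2.x syntax. Place after the "database"
# line so the rules apply to the o=cranfield,c=uk database.
#
# Evaluation order: for each attribute of an entry, the FIRST "access to"
# clause whose target matches is used; within it the FIRST matching "by"
# clause decides. A target that matches but has no matching "by" clause
# means no access, so always finish with an explicit "by * ..." line.

# 1. Passwords: the owner may change it, anonymous may use it to bind
#    (auth) but never read it, everyone else gets nothing.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. Name and e-mail are public. "entry" is the pseudo-attribute that
#    grants access to the entry itself; without read on it an outsider
#    sees no entry at all, so the public attributes would never be returned.
#    (mail and givenName are assumed attribute names.)
access to attrs=entry,cn,sn,givenName,mail
        by self write
        by * read

# 3. Everything else: owner edits, anyone bound with a DN under the
#    Cranfield suffix (assumed to mean "inside Cranfield") reads,
#    outsiders and anonymous get nothing.
access to *
        by self write
        by dn.subtree="o=cranfield,c=uk" read
        by * none
```

To confirm which DN a bind actually resolves to before blaming the ACLs, run `ldapwhoami -D "cn=paul d,o=cranfield,c=uk" -W` against the server; the DN it prints is the one "by self" is compared against, and it must equal the dn: line of the entry being modified.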