I have LDAP up and running and thought I understood how it was all
working, but access control has me stumped. All I want to do is lock down the
information so that users can only edit their own records. Later it would
be handy to have different people being able to see different aspects, i.e.
outside Cranfield would only get name and e-mail. However, I can't seem to
make it work.
If I try to modify my record (ldif file)

dn: cn=paul d , o=cranfield, c=uk
cn: paul d
sn: burnet
objectclass: person
givenname: jase
userPassword: data
to change the givenname, using:

ldapmodify -b -r -D "cn=paul, o=cranfield, c=uk" -w password -f /usr/local/myldif

(I think not "password" but "data".)

I get insufficient access problems.
Where am I going wrong? There just seems to be no information out
there on access control.
My slapd.conf is below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.oc.conf
schemacheck     off
#referral       ldap://root.openldap.org/
pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "o=cranfield,c=uk"
rootdn          "cn=Manager,o=cranfield,c=uk"
rootpw          password
#ro
# cleartext passwords, especially for the rootdn, should
# be avoided. See slapd.conf(5) for details.
directory       /usr/tmp
defaultaccess   read
access to *
        by self write
Thanks for any help,
paul
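An added example, not part of the post above, showing how the access-control part of an OpenLDAP 1.x slapd.conf of this kind (ldbm backend, `defaultaccess` and `access` directives as in the posted file) is usually written so that each user can modify only their own entry while everyone else keeps read access, with the userPassword attribute shielded from other readers. The `attrs=` keyword in the attribute-scoped rule is taken from slapd.conf(5) and is an assumption to verify against the installed version; the `cn=Manager` rootdn is the one in the posted config. The example relies on two facts a practitioner checks first: `by self` matches only when the DN the client binds with is the DN of the entry being modified (in the post the bind DN `cn=paul, o=cranfield, c=uk` is not the entry's `cn=paul d , o=cranfield, c=uk`), and the `-w` value must be the password stored in that entry's userPassword attribute.

```conf
# Added example: access-control fragment for an OpenLDAP 1.x slapd.conf.
# Rules are evaluated in order: the first "access to" stanza whose <what>
# matches the entry (and attribute) decides, and within it the first
# matching "by" clause sets the access level. More specific stanzas
# therefore go first.

# Applies only when no "access to" line below matches: everyone may read.
defaultaccess   read

# Passwords first, because this rule is more specific than "to *":
# the entry's owner may change its own password, nobody else may read it.
# "attrs=" is the keyword documented in slapd.conf(5); verify it against
# the installed version (assumption). On OpenLDAP 2.x this stanza would
# also need "by anonymous auth" so simple binds can still verify the
# password; the "auth" level and "anonymous" keyword are not part of the
# 1.x grammar this file uses.
access to attrs=userPassword
        by self write
        by * none

# Everything else: the entry's owner may edit its own entry,
# everyone else (including unauthenticated clients) may only read.
access to *
        by self write
        by * read

# Notes (comments, not directives):
#  - "self" matches only when the bind DN is the entry's own dn, so the
#    modify must bind as that entry, e.g.
#      -D "cn=paul d , o=cranfield, c=uk"
#    with the value stored in that entry's userPassword as the -w argument.
#  - The rootdn (cn=Manager,o=cranfield,c=uk) bypasses these rules, which
#    is why testing as Manager never reproduces an "insufficient access"
#    result.
```

To confirm the rules behave as intended, bind as the entry's own DN with its stored password and retry the same ldapmodify; then bind as a different non-root user and check that the same modify is refused while a search of the entry still returns everything except userPassword.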