
RE: Insufficient access ??



Here are the logs:
=================
Oct 24 11:50:16 pcDev slapd[28132]: slapd starting
Oct 24 11:50:23 pcDev slapd[28135]: daemon: conn=0 fd=9 connection from IP=195.0.50.165:2578 (IP=0.0.0.0:389) accepted.
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 BIND dn="CN=DE LEEUW GUY,BR=INTERNAL,O=EUROFER,C=BE" method=128
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SRCH base="o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SRCH base="br=Internal, o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SEARCH RESULT tag=101 err=0 text=
Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SRCH base="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SEARCH RESULT tag=101 err=0 text=
Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 MOD dn="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be"
Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 RESULT tag=103 err=50 text=
Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SRCH base="o=Salle de reunion, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SEARCH RESULT tag=101 err=0 text=
Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 MOD dn="o=Salle de reunion, br=Internal, o=Eurofer, c=be"
Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 RESULT tag=103 err=50 text=

The entry looks like this:
========================
dn: cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
objectClass: EurPerson
objectClass: accessRole
uid: 14626496-6334
title: M.
telephoneNumber: +32 (2) 738.79.40
facsimileTelephoneNumber: +32 (2) 738.79.52
mail: G.De_Leeuw@eurofer.be
cn: De Leeuw Guy
sn: De Leeuw
givenName: Guy
userPassword: MyPasswd
modifiersName: cn=rootdn, o=Eurofer, c=be
modifyTimestamp: 20001024070817Z

The slapd.conf file :
=====================
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema

include		/ef/Dev/Linux/ldap/Eurofer.schema
# Define global ACLs to disable default read access.
defaultaccess none

access to attr=userPassword
	by self write
	by anonymous auth
	by * none

access to *
    by self write
	by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
    by * read


# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/usr/local/var/slapd.pid
argsfile	/usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
suffix		"o=Eurofer, c=be"
rootdn		"cn=rootdn, o=Eurofer, c=be"
rootpw		?
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
#directory	/usr/local/var/openldap-ldbm
directory	/ef/Dev/Linux/ldap/ldap-ldbm
# Indices to maintain
#index dn,cn,sn,givenname pres,eq,approx
index objectclass,uid eq
SIZELIMIT	5000


Guy



Same problems with 2.0.6.
Any other idea?

Guy

-----Original Message-----
From: Jim Hud [mailto:jdhz@btinternet.com]
Sent: Tuesday, October 24, 2000 12:15 PM
To: De Leeuw guy
Subject: Re: Insufficient access ??


Strange, I can modify OK with the same client.  Are you sure the login is
being accepted?  Check the slapd logs.

I am using 2.0.6


----- Original Message -----
From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
To: "'Jim Hud'" <jdhz@btinternet.com>
Sent: Tuesday, October 24, 2000 11:10 AM
Subject: RE: Insufficient access ??


> Always the same : LDAP Browser/Editor v2.8
> Host = ldap.eurofer.be
> Base Dn = o=Eurofer, c=be
> User DN = cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
> Password = myPaswd
>
> I can read all database except the userPassword attribute (except my
> userPassword) : this is correct.
> but I cannot update any entry
> (I have openldap 2.0.4)
>
> Guy
>
> -----Original Message-----
> From: Jim Hud [mailto:jdhz@btinternet.com]
> Sent: Tuesday, October 24, 2000 10:58 AM
> To: De Leeuw guy
> Subject: Re: Insufficient access ?? (CORRECTION)
>
>
> I am not sure but try:
>
> access to attr=userPassword
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by self write
>     by anonymous auth
>     by * none
>
> access to *
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by self write
>     by * read
>
> ----- Original Message -----
> From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> To: <openldap-software@OpenLDAP.org>
> Sent: Tuesday, October 24, 2000 9:48 AM
> Subject: Insufficient access ?? (CORRECTION)
>
>
> > Hi all,
> >
> > Here is the acl extract of my slapd.conf :
> > ==========================================
> > # Define global ACLs to disable default read access.
> > defaultaccess none
> >
> > access to attr=userPassword
> >     by self write
> >     by anonymous auth
> >     by * none
> >
> > access to *
> >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> >     by self write
> >     by * read
> > =========================================
> >
> > when I'm connected with the dn="cn=De Leeuw Guy, br=Internal, o=Eurofer,
> > c=be"
> > it's impossible to create or modify an entry.
> > Why ?
> >
> > Thanks in advance
> >
> > Guy
> >
> >
>
>
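
Added example, not part of the original thread: a small Python parser for slapd syslog lines of the shape shown in the log above, which pairs each request with its RESULT line and reports operations that ended with err=50 (LDAP insufficientAccessRights) together with the DN that was bound on that connection. The sample lines are copied from the posted log with the mail line wraps joined; the function and variable names are illustrative, and ADD/DEL/MODRDN lines are assumed to follow the same `VERB dn="..."` shape as the MOD lines.

```python
import re
# LDAP result code 50 is insufficientAccessRights (RFC 4511).
INSUFFICIENT_ACCESS = 50

# Lines taken from the log in the post, with the mail client's line wraps joined.
SAMPLE_LOG = """\
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 BIND dn="CN=DE LEEUW GUY,BR=INTERNAL,O=EUROFER,C=BE" method=128
Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 RESULT tag=97 err=0 text=
Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SRCH base="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SEARCH RESULT tag=101 err=0 text=
Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 MOD dn="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be"
Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 RESULT tag=103 err=50 text=
Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 MOD dn="o=Salle de reunion, br=Internal, o=Eurofer, c=be"
Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 RESULT tag=103 err=50 text=
"""

# Assumption: ADD/DEL/MODRDN request lines look like the MOD lines on this page.
LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
REQUEST = re.compile(r'^(?P<verb>BIND|MOD|ADD|DEL|MODRDN|SRCH) (?:dn|base)="(?P<dn>[^"]*)"')
RESULT = re.compile(r'RESULT tag=\d+ err=(?P<err>\d+)')

def denied_operations(log_text):
    """Return one record per operation that ended with err=50, with the bound DN."""
    pending = {}   # (conn, op) -> (verb, target DN) awaiting its RESULT line
    bound = {}     # conn -> DN of the last successful BIND on that connection
    denied = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["conn"], m["op"])
        req = REQUEST.match(m["rest"])
        if req:
            pending[key] = (req["verb"], req["dn"])
            continue
        res = RESULT.search(m["rest"])
        if not res or key not in pending:
            continue
        verb, dn = pending.pop(key)
        if verb == "BIND" and res["err"] == "0":
            bound[m["conn"]] = dn
        elif int(res["err"]) == INSUFFICIENT_ACCESS:
            denied.append({"time": m["ts"], "conn": m["conn"], "op": m["op"], "verb": verb,
                           "target": dn, "bound_as": bound.get(m["conn"], "(anonymous)")})
    return denied

if __name__ == "__main__":
    for record in denied_operations(SAMPLE_LOG):
        print(record)
```

The `bound_as` field carries the DN exactly as slapd logged it at BIND time, so it can be compared character for character with the `by dn=` clause in slapd.conf.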