
RE: Insufficient access ??



No, but I also tried:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema

include		/ef/Dev/Linux/ldap/Eurofer.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/usr/local/var/slapd.pid
argsfile	/usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
defaultaccess none

access to attr=userPassword
	by self write
	by anonymous auth
	by * none

access to *
    by self write
	by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
    by * read

suffix		"o=Eurofer, c=be"
rootdn		"cn=rootdn, o=Eurofer, c=be"
rootpw		?
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
#directory	/usr/local/var/openldap-ldbm
directory	/ef/Dev/Linux/ldap/ldap-ldbm
# Indices to maintain
#index dn,cn,sn,givenname pres,eq,approx
index objectclass,uid eq
SIZELIMIT	5000

Guy

-----Original Message-----
From: Jim Hud [mailto:jdhz@btinternet.com]
Sent: Tuesday, October 24, 2000 2:18 PM
To: De Leeuw guy
Subject: Re: Insufficient access ??


Surely the acl should be below the database entry?


----- Original Message -----
From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
To: "'Jim Hud'" <jdhz@btinternet.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Tuesday, October 24, 2000 1:10 PM
Subject: RE: Insufficient access ??


> Here are the logs:
> =================
> Oct 24 11:50:16 pcDev slapd[28132]: slapd starting
> Oct 24 11:50:23 pcDev slapd[28135]: daemon: conn=0 fd=9 connection from IP=195.0.50.165:2578 (IP=0.0.0.0:389) accepted.
> Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 BIND dn="CN=DE LEEUW GUY,BR=INTERNAL,O=EUROFER,C=BE" method=128
> Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 RESULT tag=97 err=0 text=
> Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SRCH base="o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
> Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
> Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SRCH base="br=Internal, o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
> Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SEARCH RESULT tag=101 err=0 text=
> Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SRCH base="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
> Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SEARCH RESULT tag=101 err=0 text=
> Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 MOD dn="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be"
> Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 RESULT tag=103 err=50 text=
> Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SRCH base="o=Salle de reunion, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
> Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SEARCH RESULT tag=101 err=0 text=
> Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 MOD dn="o=Salle de reunion, br=Internal, o=Eurofer, c=be"
> Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 RESULT tag=103 err=50 text=
>
> The entry looks like this:
> ========================
> dn: cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
> objectClass: EurPerson
> objectClass: accessRole
> uid: 14626496-6334
> title: M.
> telephoneNumber: +32 (2) 738.79.40
> facsimileTelephoneNumber: +32 (2) 738.79.52
> mail: G.De_Leeuw@eurofer.be
> cn: De Leeuw Guy
> sn: De Leeuw
> givenName: Guy
> userPassword: MyPasswd
> modifiersName: cn=rootdn, o=Eurofer, c=be
> modifyTimestamp: 20001024070817Z
>
> The slapd.conf file :
> =====================
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
>
> include /ef/Dev/Linux/ldap/Eurofer.schema
> # Define global ACLs to disable default read access.
> defaultaccess none
>
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by * none
>
> access to *
>     by self write
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by * read
>
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /usr/local/var/slapd.pid
> argsfile /usr/local/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/local/libexec/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "o=Eurofer, c=be"
> rootdn "cn=rootdn, o=Eurofer, c=be"
> rootpw ?
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> #directory /usr/local/var/openldap-ldbm
> directory /ef/Dev/Linux/ldap/ldap-ldbm
> # Indices to maintain
> #index dn,cn,sn,givenname pres,eq,approx
> index objectclass,uid eq
> SIZELIMIT 5000
>
>
> Guy
>
>
>
> Same problems with 2.0.6.
> Any other idea?
>
> Guy
>
> -----Original Message-----
> From: Jim Hud [mailto:jdhz@btinternet.com]
> Sent: Tuesday, October 24, 2000 12:15 PM
> To: De Leeuw guy
> Subject: Re: Insufficient access ??
>
>
> Strange, I can modify OK with the same client.  Are you sure the login is
> being accepted?  Check the slapd logs.
>
> I am using 2.0.6
>
>
> ----- Original Message -----
> From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> To: "'Jim Hud'" <jdhz@btinternet.com>
> Sent: Tuesday, October 24, 2000 11:10 AM
> Subject: RE: Insufficient access ??
>
>
> > Always the same : LDAP Browser/Editor v2.8
> > Host = ldap.eurofer.be
> > Base Dn = o=Eurofer, c=be
> > User DN = cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
> > Password = myPaswd
> >
> > I can read all database except the userPassword attribute (except my
> > userPassword) : this is correct.
> > but I cannot update any entry
> > (I have openldap 2.0.4)
> >
> > Guy
> >
> > -----Original Message-----
> > From: Jim Hud [mailto:jdhz@btinternet.com]
> > Sent: Tuesday, October 24, 2000 10:58 AM
> > To: De Leeuw guy
> > Subject: Re: Insufficient access ?? (CORRECTION)
> >
> >
> > I am not sure but try:
> >
> > access to attr=userPassword
> >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> >     by self write
> >     by anonymous auth
> >     by * none
> >
> > access to *
> >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> >     by self write
> >     by * read
> >
> > ----- Original Message -----
> > From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> > To: <openldap-software@OpenLDAP.org>
> > Sent: Tuesday, October 24, 2000 9:48 AM
> > Subject: Insufficient access ?? (CORRECTION)
> >
> >
> > > Hi all,
> > >
> > > Here is the acl extract of my slapd.conf :
> > > ==========================================
> > > # Define global ACLs to disable default read access.
> > > defaultaccess none
> > >
> > > access to attr=userPassword
> > >     by self write
> > >     by anonymous auth
> > >     by * none
> > >
> > > access to *
> > >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> > >     by self write
> > >     by * read
> > > =========================================
> > >
> > > when I'm connected with the dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be"
> > > it's impossible to create or modify an entry.
> > > Why ?
> > >
> > > Thanks in advance
> > >
> > > Guy
> > >
> > >
> >
> >
>
>