
Re: Insufficient access ??



All I can say is that the following works in my system:

database ldbm
#defaultaccess none - not in use*******

access to attr=userPassword
    by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
    by self write
    by anonymous auth
    by * none

access to *
    by self write
    by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
    by * read

I am sure that Kurt will pick this up.

----- Original Message -----
From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
To: "'Jim Hud'" <jdhz@btinternet.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Tuesday, October 24, 2000 1:34 PM
Subject: RE: Insufficient access ??


> No, but I also tried:
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
>
> include /ef/Dev/Linux/ldap/Eurofer.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /usr/local/var/slapd.pid
> argsfile /usr/local/var/slapd.args
>
> # Load dynamic backend modules:
> # modulepath /usr/local/libexec/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> defaultaccess none
>
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by * none
>
> access to *
>     by self write
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by * read
>
> suffix "o=Eurofer, c=be"
> rootdn "cn=rootdn, o=Eurofer, c=be"
> rootpw ?
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # The database directory MUST exist prior to running slapd AND
> # should only be accessable by the slapd/tools. Mode 700 recommended.
> #directory /usr/local/var/openldap-ldbm
> directory /ef/Dev/Linux/ldap/ldap-ldbm
> # Indices to maintain
> #index dn,cn,sn,givenname pres,eq,approx
> index objectclass,uid eq
> SIZELIMIT 5000
>
> Guy
>
> -----Original Message-----
> From: Jim Hud [mailto:jdhz@btinternet.com]
> Sent: Tuesday, October 24, 2000 2:18 PM
> To: De Leeuw guy
> Subject: Re: Insufficient access ??
>
>
> Surely the acl should be below the database entry?
>
>
> ----- Original Message -----
> From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> To: "'Jim Hud'" <jdhz@btinternet.com>
> Cc: <openldap-software@OpenLDAP.org>
> Sent: Tuesday, October 24, 2000 1:10 PM
> Subject: RE: Insufficient access ??
>
>
> > Here are the logs:
> > ==================
> > Oct 24 11:50:16 pcDev slapd[28132]: slapd starting
> > Oct 24 11:50:23 pcDev slapd[28135]: daemon: conn=0 fd=9 connection from IP=195.0.50.165:2578 (IP=0.0.0.0:389) accepted.
> > Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 BIND dn="CN=DE LEEUW GUY,BR=INTERNAL,O=EUROFER,C=BE" method=128
> > Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=0 RESULT tag=97 err=0 text=
> > Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SRCH base="o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
> > Oct 24 11:50:23 pcDev slapd[28136]: conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
> > Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SRCH base="br=Internal, o=Eurofer, c=be" scope=1 filter="(objectClass=*)"
> > Oct 24 11:50:25 pcDev slapd[28136]: conn=0 op=2 SEARCH RESULT tag=101 err=0 text=
> > Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SRCH base="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
> > Oct 24 11:50:26 pcDev slapd[28136]: conn=0 op=3 SEARCH RESULT tag=101 err=0 text=
> > Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 MOD dn="cn=De Coster Ariane, br=Internal, o=Eurofer, c=be"
> > Oct 24 11:50:34 pcDev slapd[28136]: conn=0 op=4 RESULT tag=103 err=50 text=
> > Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SRCH base="o=Salle de reunion, br=Internal, o=Eurofer, c=be" scope=0 filter="(objectClass=*)"
> > Oct 24 11:50:43 pcDev slapd[28136]: conn=0 op=5 SEARCH RESULT tag=101 err=0 text=
> > Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 MOD dn="o=Salle de reunion, br=Internal, o=Eurofer, c=be"
> > Oct 24 11:50:51 pcDev slapd[28136]: conn=0 op=6 RESULT tag=103 err=50 text=
> >
> > The entry looks like this:
> > =========================
> > dn: cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
> > objectClass: EurPerson
> > objectClass: accessRole
> > uid: 14626496-6334
> > title: M.
> > telephoneNumber: +32 (2) 738.79.40
> > facsimileTelephoneNumber: +32 (2) 738.79.52
> > mail: G.De_Leeuw@eurofer.be
> > cn: De Leeuw Guy
> > sn: De Leeuw
> > givenName: Guy
> > userPassword: MyPasswd
> > modifiersName: cn=rootdn, o=Eurofer, c=be
> > modifyTimestamp: 20001024070817Z
> >
> > The slapd.conf file :
> > =====================
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> > include /usr/local/etc/openldap/schema/core.schema
> > include /usr/local/etc/openldap/schema/cosine.schema
> > include /usr/local/etc/openldap/schema/inetorgperson.schema
> >
> > include /ef/Dev/Linux/ldap/Eurofer.schema
> > # Define global ACLs to disable default read access.
> > defaultaccess none
> >
> > access to attr=userPassword
> >     by self write
> >     by anonymous auth
> >     by * none
> >
> > access to *
> >     by self write
> >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> >     by * read
> >
> >
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > #referral ldap://root.openldap.org
> >
> > pidfile /usr/local/var/slapd.pid
> > argsfile /usr/local/var/slapd.args
> >
> > # Load dynamic backend modules:
> > # modulepath /usr/local/libexec/openldap
> > # moduleload back_ldap.la
> > # moduleload back_ldbm.la
> > # moduleload back_passwd.la
> > # moduleload back_shell.la
> >
> > #######################################################################
> > # ldbm database definitions
> > #######################################################################
> >
> > database ldbm
> > suffix "o=Eurofer, c=be"
> > rootdn "cn=rootdn, o=Eurofer, c=be"
> > rootpw ?
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessable by the slapd/tools. Mode 700 recommended.
> > #directory /usr/local/var/openldap-ldbm
> > directory /ef/Dev/Linux/ldap/ldap-ldbm
> > # Indices to maintain
> > #index dn,cn,sn,givenname pres,eq,approx
> > index objectclass,uid eq
> > SIZELIMIT 5000
> >
> >
> > Guy
> >
> >
> >
> > Same problems with 2.0.6.
> > Any other idea?
> >
> > Guy
> >
> > -----Original Message-----
> > From: Jim Hud [mailto:jdhz@btinternet.com]
> > Sent: Tuesday, October 24, 2000 12:15 PM
> > To: De Leeuw guy
> > Subject: Re: Insufficient access ??
> >
> >
> > Strange, I can modify OK with the same client.  Are you sure the login is
> > being accepted?  Check the slapd logs.
> >
> > I am using 2.0.6
> >
> >
> > ----- Original Message -----
> > From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> > To: "'Jim Hud'" <jdhz@btinternet.com>
> > Sent: Tuesday, October 24, 2000 11:10 AM
> > Subject: RE: Insufficient access ??
> >
> >
> > > Always the same : LDAP Browser/Editor v2.8
> > > Host = ldap.eurofer.be
> > > Base Dn = o=Eurofer, c=be
> > > User DN = cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be
> > > Password = myPaswd
> > >
> > > I can read all database except the userPassword attribute (except my
> > > userPassword) : this is correct.
> > > but I cannot update any entry
> > > (I have openldap 2.0.4)
> > >
> > > Guy
> > >
> > > -----Original Message-----
> > > From: Jim Hud [mailto:jdhz@btinternet.com]
> > > Sent: Tuesday, October 24, 2000 10:58 AM
> > > To: De Leeuw guy
> > > Subject: Re: Insufficient access ?? (CORRECTION)
> > >
> > >
> > > I am not sure but try:
> > >
> > > access to attr=userPassword
> > >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> > >     by self write
> > >     by anonymous auth
> > >     by * none
> > >
> > > access to *
> > >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> > >     by self write
> > >     by * read
> > >
> > > ----- Original Message -----
> > > From: "De Leeuw guy" <G.De_Leeuw@eurofer.be>
> > > To: <openldap-software@OpenLDAP.org>
> > > Sent: Tuesday, October 24, 2000 9:48 AM
> > > Subject: Insufficient access ?? (CORRECTION)
> > >
> > >
> > > > Hi all,
> > > >
> > > > Here is the acl extract of my slapd.conf :
> > > > ==========================================
> > > > # Define global ACLs to disable default read access.
> > > > defaultaccess none
> > > >
> > > > access to attr=userPassword
> > > >     by self write
> > > >     by anonymous auth
> > > >     by * none
> > > >
> > > > access to *
> > > >     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
> > > >     by self write
> > > >     by * read
> > > > =========================================
> > > >
> > > > when I'm connected with the dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be"
> > > > it's impossible to create or modify an entry.
> > > > Why ?
> > > >
> > > > Thanks in advance
> > > >
> > > > Guy
> > > >
> > > >
> > >
> > >
> >
> >
>
>