Problem



Hello All,

I am faced with the following problem. I want to create an Admin
entry in the OpenLDAP 2.07 database; that is, this entry should
have all the access. This is the kind of tree:

              root
             /  | 
        Admin  OU
              /  |  \
            BU1 BU2 BU3

Now the access control section is as follows.

access to *
       by dn="cn=Admin,dc=example,dc=com" write

Also, the ldapadd of the Admin entry was done with the help of the
rootdn (the admin entry's DN is "cn=Admin,dc=example,dc=com").
I must mention that the admin entry is based on adminObject, which I
added in local.schema as follows:

# this is for admin entry

objectclass ( 2.5.6.21 NAME 'adminObject' SUP top STRUCTURAL
       MUST ( cn $ userPassword )
       MAY  ( sn $ description ) )

But when I am trying to add entries as follows

ldapadd -D "cn=Admin,dc=example,dc=com" -f test.ldif

test.ldif contains
dn:ou=BU1,dc=example,dc=com
objectclass:top
objectclass:organizationalUnit
ou:BU1
description:unit of business

I am getting the error 
ldap_add: Insufficient access
    additional info: no write access to parent

Also, if I specify -w "password" with ldapadd, then the ldap_bind
is giving the Insufficient access error.

This is the exact reproduction of the symptom. Could anyone
point out the mistake?

Thanks
SRIHARI