
ldapmodify: Insufficient access



Hello.

I'm trying to install OpenLDAP to hold authentication information for my
FTP users.  I've got it up and running, and can add and modify data as
Manager.  I've also configured the ACLs in slapd as follows:

--------------------------------------------------
access to attr=userPassword
       by self write
       by anonymous auth
       by dn="cn=Manager,dc=liquidev,dc=com" write
       by * none

access to *
       by self write
       by anonymous auth
       by * read
--------------------------------------------------

However, when I try to modify the userPassword as a regular user, I get an
Insufficient Access response.  The modification data looks like:

--------------------------------------------------
dn: cn=Aaron, dc=liquidev, dc=com
changetype: modify
replace: userPassword
userPassword: {crypt}passwordremoved
--------------------------------------------------

When I turn on aggressive debugging, I see that I'm being authenticated
but I'm not allowed to write:

--------------------------------------------------
=> access_allowed: write access to "cn=Aaron, dc=liquidev, dc=com" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl cn=Aaron, dc=liquidev, dc=com attr: userPassword
=> acl_mask: access to entry "cn=Aaron, dc=liquidev, dc=com", attr "userPassword" requested
=> acl_mask: to value by "CN=AARON,DC=LIQUIDEV,DC=COM", (=n) 
<= check a_dn_pat: *
<= acl_mask: [1] applying read (=rscx) (stop)
<= acl_mask: [1] mask: read (=rscx)
=> access_allowed: write access denied by read (=rscx)
--------------------------------------------------

I've searched google for the answer but have come up with nothing.  Can
anyone help?  Thanks.

-Mark Whittington
Liquid Development

-- 
[ http://pgpkeys.mit.edu:11371/  -  search for markc@liquidev.com ]
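
An added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the rules as posted and compared with the clause the debug trace reports. The function names and the DN normalisation are assumptions made for illustration; the trace lines are copied from the message.

```python
import re

# The two "access to" directives exactly as posted: (what, [(who, level), ...]).
POSTED_ACLS = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      ("dn=cn=Manager,dc=liquidev,dc=com", "write"), ("*", "none")]),
    ("*", [("self", "write"), ("anonymous", "auth"), ("*", "read")]),
]

# Lines copied from the debug output in the message.
TRACE = '''=> acl_get: [1] check attr userPassword
=> acl_mask: to value by "CN=AARON,DC=LIQUIDEV,DC=COM", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read (=rscx) (stop)
=> access_allowed: write access denied by read (=rscx)'''

def norm_dn(dn):
    """Simplified DN normalisation (assumption): case-fold, drop spaces at commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return norm_dn(bind_dn) == norm_dn(target_dn)
    return who.startswith("dn=") and norm_dn(who[3:]) == norm_dn(bind_dn)

def evaluate(acls, bind_dn, target_dn, attr):
    """First directive whose <what> matches, then its first matching <who>, decides."""
    for index, (what, clauses) in enumerate(acls, 1):
        if what == "*" or what.lower() == attr.lower():
            for who, level in clauses:
                if who_matches(who, bind_dn, target_dn):
                    return index, who, level
            return index, None, "none"  # implicit trailing "by * none"
    return None, None, "none"

def parse_trace(trace):
    """Return (directive index, <who> patterns checked, level applied) from the trace."""
    applied = re.search(r"acl_mask: \[(\d+)\] applying (\w+)", trace)
    return int(applied.group(1)), re.findall(r"check a_dn_pat: (\S+)", trace), applied.group(2)

def trace_matches_posted_rules(bind_dn, target_dn, attr):
    """True when the trace applied the clause and level the posted rules predict."""
    _, who, level = evaluate(POSTED_ACLS, bind_dn, target_dn, attr)
    _, checked, applied = parse_trace(TRACE)
    return checked[-1] == who and applied == level
```

For the self-modify case, the model selects `by self write` in directive 1 of the posted rules, while the trace records only the `*` pattern with `read`, so `trace_matches_posted_rules` returns `False`.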