I'm puzzled (problem with ACLs)
Hi List,
I know this is a FAQ, since I read the FAQ. But the FAQ answer didn't
solve my problem... I'm obviously doing something wrong, but I can't
figure out what!
I'm using the openldap-1.2.9 package that comes with RedHat 6.x
I've populated my directory with entries like

    dn: ou=people, dc=logilab, dc=fr
    ...
    dn: ou=assistants, dc=logilab, dc=fr
    ...
    dn: cn=Gizmo, ou=assistants, dc=logilab, dc=fr
    status: off
    ...

and my modify.ldif file reads:

    cn=Gizmo, ou=assistants, dc=logilab, dc=fr
    status=on

Now, when I try to modify the entry with

    ldapmodify -v -r -f modify.ldif

I keep getting a

    replace status:
    off
    modifying entry cn=Gizmo, ou=assistants, dc=logilab, dc=fr
    ldap_modify: Insufficient access

In my slapd.conf, I've only one ACL rule. I've tried

    access to dn=".*, ou=assistants, dc=logilab, dc=fr" by * write
    access to dn=".*, ou=assistants, dc=logilab, dc=fr" by dn="^$$" write
    access to dn=".*, ou=assistants, dc=logilab, dc=fr" by dn="" write
    access to dn=".*, ou=assistants, dc=logilab, dc=fr" attr=status by * write

but none of the above will work. OTOH,

    access to * by * write

works fine.

I've also tried using the -D option to ldapmodify, but unless I use
"cn=Manager, dc=logilab, dc=fr", it does not work. More specifically,
using "access to * by self write" and -D "cn=Gizmo, ... dc=fr" does not
work any better.
So people, what's wrong with me?
--
Nicolas Chauvat
http://www.logilab.com - "Mais où est donc Ornicar ?" - LOGILAB, Paris (France)