
I'm puzzled (problem with ACLs)



Hi List,

I know this is a FAQ, since I read the FAQ. But the FAQ answer didn't
solve my problem... I'm obviously doing something wrong, but I can't
figure out what!

I'm using the openldap-1.2.9 package that comes with RedHat 6.x

I've populated my directory with entries like

	dn: ou=people, dc=logilab, dc=fr
	...

	dn: ou=assistants, dc=logilab, dc=fr
	...

	dn: cn=Gizmo, ou=assistants, dc=logilab, dc=fr
	status: off
	...

and my modify.ldif file reads:

	cn=Gizmo, ou=assistants, dc=logilab, dc=fr
	status=on

Now, when I try to modify the entry with

	ldapmodify -v -r -f modify.ldif

I keep getting a 

	replace status:
	        off
	modifying entry cn=Gizmo, ou=assistants, dc=logilab, dc=fr
	ldap_modify: Insufficient access

In my slapd.conf, I've only one ACL rule. I've tried 

	access to dn=".*, ou=assistants, dc=logilab, dc=fr" by * write
	access to dn=".*, ou=assistants, dc=logilab, dc=fr" by dn="^$$" write
	access to dn=".*, ou=assistants, dc=logilab, dc=fr" by dn="" write
	access to dn=".*, ou=assistants, dc=logilab, dc=fr" attr=status by * write

but none of the above will work. OTOH, 

	access to * by * write

works fine.

I've also tried using the -D option to ldapmodify, but unless I use
"cn=Manager, dc=logilab, dc=fr", it does not work. More specifically,
using "access to * by self write" and -D "cn=Gizmo, ... dc=fr" does not
work any better.

So people, what's wrong with me?

-- 
Nicolas Chauvat

http://www.logilab.com - "Mais où est donc Ornicar ?" - LOGILAB, Paris (France)