[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL question



Hello!

I'm trying to set up a small, simple LDAP server. I managed to
configure SASL to do authentication (via sasldb). I added some
users to /etc/sasldb. The authentication seems to work, I can
specify SASL users to ldapsearch with the -U flag. However if
I also specify a dn (via the -D flag) the dn seems to be ignored
and I always get an insufficient access error.

So my question is:
How can I associate SASL users to LDAP dn-s?

I'm trying to run this command:
ldapmodify -U root -D "cn=root,dc=bitlab,dc=hu" -f xxx.ldif

In my slapd.conf:
...
sasl-realm      bitlab.hu
sasl-host       nest.bitlab.hu
sasl-secprops   none
...
database        ldbm
suffix          "dc=bitlab,dc=hu"
rootdn          "cn=root,dc=bitlab,dc=hu"
...
access to *
        by self write
        by dn="cn=root,dc=bitlab,dc=hu" write
        by * read

The error message:
[kolb@kompot:~] ldapmodify -U root -D "cn=root,dc=bitlab,dc=hu" -f xxx.ldif 
SASL/DIGEST-MD5 authentication started
Please enter your password: 
SASL username: root
SASL realm: bitlab.hu
SASL SSF: 128
SASL installing layers
modifying entry "cn=Zoltan Kolb,dc=bitlab,dc=hu"
ldap_modify: Insufficient access

ldif_record() = 50

Thanks, Zoltan Kolb