ACL question
Hello!

I'm trying to set up a small, simple LDAP server. I managed to
configure SASL to do authentication (via sasldb). I added some
users to /etc/sasldb. The authentication seems to work; I can
specify SASL users to ldapsearch with the -U flag. However, if
I also specify a DN (via the -D flag), the DN seems to be ignored
and I always get an insufficient access error.

So my question is:
How can I associate SASL users with LDAP DNs?

I'm trying to run this command:

ldapmodify -U root -D "cn=root,dc=bitlab,dc=hu" -f xxx.ldif

In my slapd.conf:
...
sasl-realm bitlab.hu
sasl-host nest.bitlab.hu
sasl-secprops none
...
database ldbm
suffix "dc=bitlab,dc=hu"
rootdn "cn=root,dc=bitlab,dc=hu"
...
access to *
        by self write
        by dn="cn=root,dc=bitlab,dc=hu" write
        by * read

The error message:

[kolb@kompot:~] ldapmodify -U root -D "cn=root,dc=bitlab,dc=hu" -f xxx.ldif
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: root
SASL realm: bitlab.hu
SASL SSF: 128
SASL installing layers
modifying entry "cn=Zoltan Kolb,dc=bitlab,dc=hu"
ldap_modify: Insufficient access
ldif_record() = 50

Thanks,
Zoltan Kolb