
acl trouble



Hi,
I'm having trouble understanding ACLs. Specifically, when I attempt:
ldapsearch -x -witchy+scratchy \
-D"uid=itchy3,ou=People,dc=ltrr,dc=arizona,dc=edu" "(uid=itchy3)" userPassword
with the following slapd.conf:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/draft-lachman-laser-ldap-mail-routing-02.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
password-hash {md5}
database        ldbm
suffix          "dc=ltrr,dc=arizona,dc=edu"
rootdn          "cn=master,dc=ltrr,dc=arizona,dc=edu"
rootpw          password
directory       /var/lib/ldap
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
access to dn=".*,dc=ltrr,dc=arizona,dc=edu"
       by dn="uid=itchy3,ou=People,dc=ltrr,dc=arizona,dc=edu" write
       by self write
       by users write
I get:
ldap_bind: Insufficient access
However, I get correct search results when I include:
       by anonymous write
So I conclude the server does not recognize the DN used for binding as
dn="uid=itchy3,ou=People,dc=ltrr,dc=arizona,dc=edu", or self or users, as to
my mind it should. What am I missing here? Any help would be greatly
appreciated.

RedHat 7.1
OpenLDAP 2.0.11? (according to man page for slapd; is there another way to check for version#?)

Merrick B. Richmond
Research Specialist (GIS/Geography)
The Laboratory of Tree-Ring Research
University of Arizona

email: merrick@ltrr.arizona.edu

street address:
105 W Stadium
Tucson, AZ 85721
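As an added illustration (not part of the post above, and not the poster's configuration), the ACL below shows why the bind fails and how to fix it without the `by anonymous write` workaround: a simple bind is processed before the client is authenticated, so `by self`, `by users` and `by dn=...` cannot match at bind time, and the still-anonymous client needs `auth` access to `userPassword`. It assumes the OpenLDAP 2.0 syntax used in the post, where `dn="..."` is a regular expression.

```conf
# Added example for the slapd.conf in the post; assumes OpenLDAP 2.0 syntax.
#
# Why the original ACL fails: during the bind itchy3 is still anonymous, so
# only a "by anonymous ..." (or "by * ...") clause can apply, and the implicit
# default "by * none" denies the password check.  Adding "by anonymous write",
# as in the working case, makes the bind succeed but hands the whole tree to
# unauthenticated clients.

# Rule 1: the password attribute.  "auth" permits the bind operation to
# compare the credential but never lets anyone read or search the hash.
access to dn=".*,dc=ltrr,dc=arizona,dc=edu" attrs=userPassword
       by self write
       by anonymous auth
       by * none

# Rule 2: everything else, evaluated only if rule 1 did not match.
# The post grants "by users write" here; read is the more usual default
# once the password attribute is handled separately above.
access to dn=".*,dc=ltrr,dc=arizona,dc=edu"
       by dn="uid=itchy3,ou=People,dc=ltrr,dc=arizona,dc=edu" write
       by self write
       by users read
       by * none
```

Rules are evaluated in order and the first `access to` whose target matches decides, so the `userPassword` rule must come before the catch-all.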