
ldap_add: Insufficient access



I'm about 90% finished installing OpenLDAP, with SASL (but not Kerberos), on
Linux.

The error I'm getting is:

[root]# ldapadd -f /tmp/ldifstart
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: user
SASL realm: realm
SASL SSF: 128
SASL installing layers
adding new entry "dc=people,dc=aaa,dc=com"
ldap_add: Insufficient access

ldif_record() = 50


I strongly suspect that my ACLs are set up improperly.  I've tried the
following permutations (and several others), but have had no success yet.

access to *
        by dn="uid=user@realm" write
        by * read

access to *
        by dn="uid=user + realm=realm" write
        by * read

access to *
        by dn="u: user" write
        by * read

Running slapd with -d 255, I see the following:

do_sasl_bind: dn (uid=user@realm) mech DIGEST-MD5
==> sasl_bind: dn="uid=user@realm" mech=<continuing> datalen=0
SASL Authorize [conn=0]: authcid="user" authzid="user"
SASL Authorize [conn=0]: "user" as "u:user"
slap_sasl_bind: username="u:user" realm="realm" ssf=128
<== slap_sasl_bind: authzdn: "uid=user + realm=realm"

The following also appears, which I think is unrelated and does not worry me
at the moment:

ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL

Please advise - I'm so close, I can smell it.

  - Scott