ACL : by group
I am using openldap 2.0.23 on RedHat. The server is performing local
authentication for ssh, pop, etc.
I have created an administrator group:
dn: cn=administrator,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: administrator
userPassword:: e2NyeXB0fXg=
gidNumber: 503
memberUid: chris
I would like members of this group to be able to modify and delete LDAP entries, so I
have attempted the following ACL:
access to attrs=userPassword,loginShell
    by self write
    by anonymous auth
    by group="cn=administrator,ou=Group,dc=example,dc=com" write
    by * none
access to *
    by * read
However, when I attempt to modify an entry using an administrator account, I
get the following:
ldapmodify -x -D "uid=chris,ou=employee,ou=people,dc=example,dc=com" -W -v -f /tmp/ldifmod4
Enter LDAP Password:
replace loginShell:
/bin/bash
modifying entry "uid=joe,ou=Employee,ou=People,dc=example,dc=com"
ldap_modify: Insufficient access
I've probably got the ACL wrong somewhere; could someone give me a nudge in
the right direction, please?
Many Thanks,
Chris
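An added example, not part of the original post, showing why the group clause above never matches and one way to make it match. slapd's `by group="..."` clause defaults to objectClass groupOfNames and the member attribute, whose values are DNs; a posixGroup's memberUid holds bare login names such as "chris", so the bind DN is never found, evaluation falls through to `by * none`, and the modify is refused. The fragment below assumes the same base DN as the post and a new group named cn=ldapadmins (a constructed name):

```conf
# --- LDIF: a DN-valued group that slapd's group clause can evaluate ---
# (constructed example; load it with ldapadd before reloading the ACLs)
dn: cn=ldapadmins,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: ldapadmins
member: uid=chris,ou=employee,ou=people,dc=example,dc=com

# --- slapd.conf: ACLs referencing that group ---
# The group clause compares the bind DN against each value of "member"
# in the named entry; group/objectClass/attribute syntax exists, but the
# attribute must hold DNs, so group/posixGroup/memberUid would still fail.
# Rules are evaluated in order and the first matching "access to" wins,
# so the attribute-specific rule must stay above "access to *".
access to attrs=userPassword,loginShell
    by self write
    by anonymous auth
    by group="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by * none

# Deleting or renaming an entry needs write access to the entry itself,
# not only to individual attributes, so the group is granted write here;
# everyone else keeps read-only access as in the original configuration.
access to *
    by group="cn=ldapadmins,ou=Group,dc=example,dc=com" write
    by * read
```

The posixGroup can stay as it is for NSS/PAM resolution; only the slapd access checks need the DN-valued group.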