Re: Access Control
I just got this to work (FINALLY!!). I added:
access to attrs=userpassword
by * auth
to the top of my access declarations. Anyone know why this is required?
Thanks,
Ryan
On Fri, 2002-12-27 at 21:27, Matty wrote:
> Howdy folks,
>
> I have been mucking with Access Control for the past day and 1/2, and
> cannot seem to get a cn to authenticate. I created several
> contact objects, and a cn named email [1] which I want to allow
> read/write access to a specific branch of my DIT. After reading through
> the docs on www.openldap.org, I thought:
>
> access to dn="ou=contacts,dc=dom,dc=com"
> by dn="cn=email,dc=dom,dc=com" write
>
> would allow email to read/write to the contacts branch of the tree. When
> I run ldapsearch:
>
> $ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
> 'ou=contacts,dc=dom,dc=com' '(cn=*)'
>
> I get:
>
> Bind Password:
> ldap_simple_bind_s: Insufficient access
>
> Anyone happen to know what I am missing? I have experimented with
> various things I found on google, but so far, no luck :(
>
> Thanks for any insight,
> Ryan
>
> [1]
> dn: cn=email,dc=dom,dc=com
> objectClass: top
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: email
> description: User allowed to update the contacts tree
> userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
--
Ryan Matteson - UNIX Administrator
GPG ID: 1B52A210 2002-12-01 Ryan Matteson (Primary Key Pair)
<matty91@bellsouth.net>
Public Key: http://www.daemons.net/~matty/public.asc
Detached Digital Signature: http://www.daemons.net/~matty/public.sig.asc
Fingerprint = A0B1 298E 29C4 3F26 01D5 EDFC 3D62 281F 1B52 A210
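
An added example, not part of the original posts: a simplified Python model of how slapd picks an access rule (first matching `access to` directive, then first matching `by` clause, with an implicit deny when nothing matches). It shows why the bind failed until the `attrs=userpassword` rule was added. It assumes the password check of a simple bind is evaluated for a client that has no identity yet, and it treats `dn="..."` as a subtree match; the function names and the `CONTACT` entry are constructed for illustration.

```python
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def parse_acl(text):
    """Parse 'access to <what>' directives and their 'by <who> <level>' lines."""
    rules = []
    for line in text.strip().splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            rules.append((words[2], []))
        elif words[:1] == ["by"]:
            rules[-1][1].append((words[1], words[2]))
    return rules

def what_matches(what, entry_dn, attr):
    kind, _, value = what.partition("=")
    value = value.strip('"').lower()
    if kind == "attrs":
        return attr.lower() in value.split(",")
    if kind == "dn":  # assumption: treated as a subtree (suffix) match
        return entry_dn.lower().endswith(value)
    return what == "*"

def who_matches(who, bound_dn):
    if who == "*":
        return True
    kind, _, value = who.partition("=")
    return kind == "dn" and (bound_dn or "").lower() == value.strip('"').lower()

def granted(rules, entry_dn, attr, bound_dn):
    """First matching <what> wins, then the first matching <who> inside it."""
    for what, clauses in rules:
        if what_matches(what, entry_dn, attr):
            for who, level in clauses:
                if who_matches(who, bound_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit final "access to * by * none"

def simple_bind_allowed(rules, bind_dn):
    # The password check runs before the client has an identity (bound_dn=None).
    level = granted(rules, bind_dn, "userPassword", None)
    return LEVELS.index(level) >= LEVELS.index("auth")

ORIGINAL = 'access to dn="ou=contacts,dc=dom,dc=com"\nby dn="cn=email,dc=dom,dc=com" write\n'
FIXED = "access to attrs=userpassword\nby * auth\n" + ORIGINAL
EMAIL = "cn=email,dc=dom,dc=com"
CONTACT = "cn=someone,ou=contacts,dc=dom,dc=com"  # constructed sample entry
```

`simple_bind_allowed(parse_acl(ORIGINAL), EMAIL)` is `False`, because no directive covers `userPassword` on the `cn=email` entry and the implicit deny applies; with `FIXED` it is `True`. Because the first matching directive wins, the `attrs=userpassword` rule also caps every client at `auth` on that attribute, including `cn=email` inside the contacts branch.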