Re: Access Control
Quoting Matty <mattyml@bellsouth.net>:
| Howdy folks,
|
| I have been mucking with Access Control for the past day and 1/2, and
| cannot seem to get a cn to authenticate. I created several
| contact objects, and a cn named email [1] which I want to allow
| read/write access to a specific branch of my DIT. After reading through
| the docs on www.openldap.org, I thought:
|
| access to dn="ou=contacts,dc=dom,dc=com"
| by dn="cn=email,dc=dom,dc=com" write
|
| would allow email to read/write to the contacts branch of the tree. When
| I run ldapsearch:
|
| $ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
| 'ou=contacts,dc=dom,dc=com' '(cn=*)'

Matty,

Have you tried

ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -W -b 'ou=contacts,dc=dom,dc=com' '(cn=*)'

or

ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -w password -b 'ou=contacts,dc=dom,dc=com' '(cn=*)'

I am assuming that the cn=email,dc=dom,dc=com has a password defined.

ed

|
| I get:
|
| Bind Password:
| ldap_simple_bind_s: Insufficient access
|
| Anyone happen to know what I am missing? I have experimented with
| various things I found on google, but so far, no luck :(
|
| Thanks for any insight,
| Ryan
|
| [1]
| dn: cn=email,dc=dom,dc=com
| objectClass: top
| objectClass: organizationalRole
| objectClass: simpleSecurityObject
| cn: email
| description: User allowed to update the contacts tree
| userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
|
|