GQ write issue
I wonder if anyone has some advice for me with this one. slapd.conf is
set up as:
----------------------------------------------------
rootdn "cn=Jason Armstrong,dc=example,dc=com"
rootpw secret
suffix "dc=example,dc=com"
directory "/var/lib/ldap/example.com"
defaultaccess read
lastmod on
index objectclass eq
index cn,mail pres,eq,sub
access to *
    by dn="cn=Jason Armstrong,dc=example,dc=com" write
    by * read
----------------------------------------------------
ldapmodify shows that I can write:
$ ldapmodify -x -W -D "cn=Jason Armstrong,dc=example,dc=com" -h ldap.example.com -f /tmp/modify
And the logfile shows:
slapd[3723]: <= acl_access_allowed: granted to database root
However, I am unable to use gq to modify any entries. GQ settings for
server are:
----------------------------------------------------
LDAP host : ldap.example.com
Base DN : dc=example,dc=com
Bind DN : cn=Jason Armstrong,dc=example,dc=com
Bind type : Simple
Search Attribute : (objectclass=*)
----------------------------------------------------
But attempting to modify an entry gives the message: Insufficient
access, and the logfile shows:
=> access_allowed: write access to "cn=Test,dc=example,dc=com" "description" requested
=> acl_get: [1] check attr description
<= acl_get: [1] acl cn=Test,dc=example,dc=com attr: description
=> acl_mask: access to entry "cn=Test,dc=example,dc=com", attr "description" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: cn=Jason Armstrong,dc=example,dc=com
<= check a_dn_pat: *
<= acl_mask: [2] applying read (=rscx) (stop)
<= acl_mask: [2] mask: read (=rscx)
=> access_allowed: write access denied by read (=rscx)
So, is it my GQ configuration that is wrong, or my LDAP setup? Or do I
somewhere need to specify that I have write access to all attributes?
Also, where do you see that an authentication attempt fails? I can see
above: acl_access_allowed: granted to database root, when it succeeds,
but nothing in the second example shows me why I have failed to get
write access.
Thanks for any help.
--
Jason Armstrong