Re: [ldap] Permsion on Parent

["Pierangelo Masarati" <ando@sys-net.it>]

> Is there any docs that shows all this?
>
> Robert Canary wrote:
>>
>> I am trying create a record under ou=People,dc=example,dc=com
>>
>> I am using the dn"uid=newuser2add,ou=People,dc=example,dc=com
>>
>> If I run the ldif file with cn=root it gose fine, but I don'r want
>> that.  I am trying to setup a user specificly for adding new people.
>> So I set a user called "peopleroot" and added this superuser in the
>> acls as follows:
>>
>> access to dn="uid=*,ou=People,dc=example,dc=com"
>>         by dn="cn=peopleroot,dc=example,dc=com" write

If you're using OpenLDAP software, this regex is incorrect;
it should be

access to dn="uid=.*,ou=People,dc=example,dc=com"
        by dn="cn=peopleroot,dc=example,dc=com" write

note the dot '.' before the star '*'.

>>
>> But it still gives me:
>> ldap_add: Insuffiecent access
>> additional Info: nowrite access to parent
>> ldif_record()=50
>>
>> Can someone tell me what the proper dn for peopleroot should be to
>> allow write permissions
>>
>> thanks in advance
>> --
>> robert
>>
>> ---
>> You are currently subscribed to ldap@umich.edu as:
>> [phantom@ohiocounty.net] To unsubscribe send email to
>> ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the
>> message.


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it