acl problem Insufficient access
- To: openldap-software@OpenLDAP.org
- Subject: acl problem Insufficient access
- From: Matteo Mancini <neonx@libero.it>
- Date: Wed, 06 Aug 2003 15:44:07 +0200
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507
Hi list,
I've got a little problem with slapd's acl...
My LDAP tree looks something like this:
+dc=exemple,dc=net
|-cn=supermaster,dc=exemple,dc=net
|-o=vmailhosting,dc=exemple,dc=net
| |-o=vmaildomain1,dc=vhosting,=dc=exemple,dc=net
|-o=vdomain,dc=exemple,dc=net
| |-o=vuserdoamim1,o=vdomain,dc=exemple,dc=net
| | |-ou=admingroup,o=vuserdoamim1,o=vdomain,dc=exemple,dc=net
| | | |-cn=master,ou=admingroup,o=vuserdoamim1,o=vdomain,dc=exemple,dc=net
| | | |-cn=authuser,ou=admingroup,o=vuserdoamim1,o=vdomain,dc=exemple,dc=net
cn=supermaster is my ldap admin
o=vmailhosting are my imap's virtual hosting sites
o=vdomain are my child domains
cn=master is my child admin, every child domain has got one to delegate
control
For delegating control to cn=master I'm using this ACL:
access to dn=".*,ou=admingroup,o=([^,]+),o=domain,,dc=exemple,dc=net"
    by self read
    by dn="cn=master,ou=admingroup,o=$1,dc=exemple,dc=net" write
But when I try to delete, add or modify some entry in the child domain
with its own cn=master I receive the error:
Result: Insufficient access (50)
Additional info: entry modify failed
A sample command could be:
ldapdelete -x -D"cn=master,ou=admingroup,o=vuserdoamim1,o=domain,dc=exemple,dc=net" \
-w secret "cn=authouser=admingroup,o=vuserdoamim1,o=domain,dc=exemple,dc=net"
Where's the mistake?
PS: who knows a good LDAP ACL howto?
Thanks
Matteo Mancini
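
An added example, not part of the original message: a small Python model of how one regex-style `access to dn=... by dn=...` clause is matched and how `$1` is expanded into the `by` pattern, run against the DNs quoted above. It assumes regex-style, case-insensitive, unanchored matching and ignores everything else slapd does (other ACL clauses, default access, DN normalization); the function names are hypothetical.

```python
import re

# ACL patterns and DNs copied from the message above (typos kept as posted,
# line wraps inside the quoted DNs joined).
TARGET_RE = r".*,ou=admingroup,o=([^,]+),o=domain,,dc=exemple,dc=net"
WHO_RE = r"cn=master,ou=admingroup,o=$1,dc=exemple,dc=net"
BIND_DN = "cn=master,ou=admingroup,o=vuserdoamim1,o=domain,dc=exemple,dc=net"
TARGET_DN = "cn=authouser=admingroup,o=vuserdoamim1,o=domain,dc=exemple,dc=net"


def expand(who_pattern, target_match):
    """Substitute $0..$9 in the <who> pattern with groups of the target match."""
    def group(m):
        n = int(m.group(1))
        if n > target_match.re.groups:
            return ""
        return target_match.group(n) or ""
    return re.sub(r"\$(\d)", group, who_pattern)


def evaluate(target_re, who_re, bind_dn, target_dn):
    """Model one 'access to dn=<regex> by dn=<regex> <level>' clause.

    Assumption: both patterns are regex style, matched case-insensitively
    and unanchored. Returns (target_matched, expanded_who, who_matched).
    """
    t = re.search(target_re, target_dn, re.IGNORECASE)
    if t is None:
        return (False, None, False)  # clause does not apply to this entry
    who = expand(who_re, t)
    return (True, who, re.search(who, bind_dn, re.IGNORECASE) is not None)


def report(label, target_re, who_re, bind_dn, target_dn):
    matched, who, granted = evaluate(target_re, who_re, bind_dn, target_dn)
    print(f"{label}: target matched={matched}, who={who!r}, "
          f"bind DN matched={granted}")
    return matched, who, granted


if __name__ == "__main__":
    report("as posted", TARGET_RE, WHO_RE, BIND_DN, TARGET_DN)
    # Constructed variant (not from the message): single comma in the target
    # pattern and a target DN with the ",ou=" separator, so the clause applies
    # and the $1 expansion can be compared with the bind DN.
    report("constructed", TARGET_RE.replace(",,", ","), WHO_RE, BIND_DN,
           "cn=authuser,ou=admingroup,o=vuserdoamim1,o=domain,dc=exemple,dc=net")
```

Printing the expanded `by dn=` pattern next to the bind DN is the quickest way to see whether the two strings can ever be equal.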