[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: newbie q about 'access'

> Hallo
>
> I decide to use ldap server for serving pgp keys.
> So i installed openldap21-server from freebsd ports and set up
> slapd.conf. Then, I started slapd and initialized database with
> init.ldif
> Next, i use pgp 8.0 to create and send keys to server.
> And here is a trouble:
> Jan 13 16:50:27 gw slapd[42360]: conn=3 fd=13 ACCEPT from
>                     IP=192.168.230.32:2167 (IP=192.168.230.1:389)
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=0 ADD
>             dn="pgpCertID=3631AEB186896855,dc=palma,dc=net"
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=0 RESULT tag=105 err=8
>             text=modifications require authentication
>                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Jan 13 16:50:27 gw slapd[42360]: conn=3 op=1 UNBIND
> Jan 13 16:50:27 gw slapd[42360]: conn=3 fd=13 closed
>
> =========> slapd.conf <==============
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/pgp-keyserver.schema
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
> sockbuf_max_incoming    524288
>
> database    bdb
> suffix      "ou=PGP Keys,dc=palma,dc=net"
> rootdn      "cn=admin,ou=PGP Keys,dc=palma,dc=net"
> rootpw      {MD5}S0F3ecDS6Oq/+7KlVIznMQ==
> directory       /var/db/openldap-data
> index       objectClass        eq
> index  pgpCertID,pgpKeyID,pgpKeyType,pgpUserID,pgpKeyCreateTime
>                     sub,eq
> index  pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime
>                     sub,eq
> index  pgpDisabled,pgpRevoked                                      eq
>
> access to *
>       by * write
> =========> slapd.conf <==============
>
> =========> init.idif <==============
> dn: ou=PGP Keys,dc=palma,dc=net
> objectclass: organizationalUnit
> ou: PGP Keys
>
> dn: cn=PGPServerInfo,ou=PGP Keys,dc=palma,dc=net
> cn: PGPServerInfo
> objectclass: pgpserverinfo
> pgpSoftware: OpenLDAP slapd
> pgpVersion: 2.0.23
> pgpBaseKeyspaceDN: ou=PGP Keys,dc=palma,dc=net
> =========> init.ldif <==============
>
> Why its require authentication, when i told, that all users have write
> permissions?
> Maybe you can give me few hints.

It has nothing to do withg ACLs.
see slapd.conf(5) "allow" directive.

Are you serious about that ACLs, though?

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it