[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap access

To: "Douglas B. Jones" <douglas@gpc.edu>, openldap-software@OpenLDAP.org
Subject: RE: ldap access
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Fri, 23 Jan 2004 15:54:41 -0800
Content-disposition: inline
In-reply-to: <PHEKJLKKDLGCAEJLJPHMEEBJCDAA.douglas@gpc.edu>
References: <PHEKJLKKDLGCAEJLJPHMEEBJCDAA.douglas@gpc.edu>

--On Friday, January 23, 2004 6:08 PM -0500 "Douglas B. Jones" <douglas@gpc.edu> wrote:


If I read correctly, the only change was to add 'by * break'. I
tried that, first only in the dc=employee section and then in
both section. I got the same results. All the searches worked
as before, but the modify gave 'insufficient access(50)' (as
before). I also tried adding the write acl for douglas to them,
but that gave the same error. I put the write acl for douglas
right before the 'by * break'. Any ideas? I appreciate the help!

Well, it is hard to say without any real log output. If you can, start slapd manually with a -d -1 option, and see what it's doing as it evaluates the ACL's. That should tell you a lot.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: ldap access
  - From: "Jim C." <jcllings@javahop.com>

References:
- RE: ldap access
  - From: "Douglas B. Jones" <douglas@gpc.edu>

Prev by Date: Re: ldapsearch allows SSL even w/o correct TLS_CACERT
Next by Date: Re: Remote LDAP server
Index(es):
- Chronological
- Thread