
help, how can i manage ACL in slapd.conf



I set up my LDAP server using OpenLDAP 2.1.25
and I have added data into the LDAP server successfully. Now the problem is,
I want anonymous to be unable to read my data, and I will grant several
certain users the right to manage this data.

e.g.
I want user dn=cn=mailadmin,dc=abcd,dc=net to be able to write
dn.base="ou=mail,dc=abcd,dc=net", and others not to be able to read dn.base="ou=mail,dc=abcd,dc=net"

I wrote my access line as follows:

access to dn.base="ou=mail,dc=abcd,dc=net"
    by dn="cn=mailadmin,dc=abcd,dc=net" write
    by * none

Then I added a person as cn=mailadmin,dc=abcd,dc=net into the LDAP directory
and added a userPassword attribute to it.
When I use ldapsearch, I get errors:

# ./ldapsearch -h ldap.abcd.com -D "cn=mailadmin,dc=cz8,dc=net" -W "(objectclass=*)"
Enter LDAP Password: 
ldap_bind: Insufficient access (50)


Why? And how can I do that?

Thanks for the advice!!!!


--------------------
hefish <hefish@vip.cn99.com>
ICQ: 16402939
MSN: hefish@cz8.net
QQ:  831031
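
Added example, not part of the original post: a slapd.conf access section for the policy described above. slapd needs "auth" access on the attribute holding the credentials before it can process a simple bind; once any access directive is present, everything not matched is denied, so the single rule in the post leaves userPassword unreachable and the bind fails with "Insufficient access". The rule order and the choice of "by self write" are assumptions of this sketch; the DNs are the ones used in the post.

```conf
# Rules are evaluated top to bottom; the first "access to" clause that
# matches the target applies, and within it the first matching "by".

# 1. Credentials: an unauthenticated client may use userPassword only to
#    authenticate (auth), never to read or compare it. The owner of an
#    entry may change its own password. Everyone else gets nothing.
#    OpenLDAP 2.1 spells this "attr="; later releases use "attrs=".
access to attr=userPassword
    by self write
    by anonymous auth
    by * none

# 2. The mail container: only mailadmin may write (write implies read);
#    anonymous and all other users are denied.
#    dn.base matches only the ou=mail entry itself. If the entries
#    underneath it must be covered too, dn.subtree is the scope to use.
access to dn.base="ou=mail,dc=abcd,dc=net"
    by dn="cn=mailadmin,dc=abcd,dc=net" write
    by * none

# 3. Everything else: stated explicitly so the deny-by-default result
#    is visible in the file rather than implied.
access to *
    by * none
```

After a restart of slapd, an anonymous search (ldapsearch -x without -D) should return no entries, and a bind as the mailadmin DN should no longer be rejected with error 50.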