[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help, how can i manage ACL in slapd.conf

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: help, how can i manage ACL in slapd.conf
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Sat, 27 Mar 2004 13:51:06 +0100
In-reply-to: <20040327170201.11AD.HEFISH@vip.cn99.com>
Organization: Billy
References: <20040327170201.11AD.HEFISH@vip.cn99.com>

lør, 27.03.2004 kl. 10.23 skrev 贺鱼:

> access to dn.base="ou=mail,dc=abcd,dc=net" by
> dn="cn=mailadmin,dc=abcd,dc=net" write
>  by * none

Make sure it's written properly - maybe your mailer folded where it
shouldn't have, though:

access to dn.base="ou=mail,dc=abcd,dc=net"
  by dn="cn=mailadmin,dc=abcd,dc=net" write
  by * none

Note the indents = whitespaces.

> then i add a person as cn=mailadmin,dc=abcd,dc=net into ldap directory
> and add a userPassword attr in.
> when i use ldapsearch, i get errors:
> 
> # ./ldapsearch -h ldap.abcd.com -D "cn=mailadmin,dc=cz8,dc=net" -W
> "(objectclass=*)"
> Enter LDAP Password: 
> ldap_bind: Insufficient access (50)

Have you first included the auth ACL?

access to dn.subtree="ou=mail,dc=abcd,dc=net"
  attr=userPassword
  by * auth

Also, the two preparatory ACLs:

access to dn.base=""
  by * read

access to dn.base="cn=Subschema"
  by * read

won't hurt :)

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl

References:
- help, how can i manage ACL in slapd.conf
  - From: 贺鱼 <hefish@vip.cn99.com>

Prev by Date: Re: LDAP defined groups not set properly over ssh
Next by Date: Re: LDAP defined groups not set properly over ssh
Index(es):
- Chronological
- Thread