[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help, how can i manage ACL in slapd.conf



lør, 27.03.2004 kl. 10.23 skrev 贺鱼:

> access to dn.base="ou=mail,dc=abcd,dc=net" by
> dn="cn=mailadmin,dc=abcd,dc=net" write
>  by * none

Make sure it's written properly - maybe your mailer folded where it
shouldn't have, though:

access to dn.base="ou=mail,dc=abcd,dc=net"
  by dn="cn=mailadmin,dc=abcd,dc=net" write
  by * none

Note the indents = whitespaces.

> then i add a person as cn=mailadmin,dc=abcd,dc=net into ldap directory
> and add a userPassword attr in.
> when i use ldapsearch, i get errors:
> 
> # ./ldapsearch -h ldap.abcd.com -D "cn=mailadmin,dc=cz8,dc=net" -W
> "(objectclass=*)"
> Enter LDAP Password: 
> ldap_bind: Insufficient access (50)

Have you first included the auth ACL?

access to dn.subtree="ou=mail,dc=abcd,dc=net"
  attr=userPassword
  by * auth

Also, the two preparatory ACLs:

access to dn.base=""
  by * read

access to dn.base="cn=Subschema"
  by * read

won't hurt :)

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl