[Date Prev][Date Next] [Chronological] [Thread] [Top]
Access control restiction error...

To: openldap-software@OpenLDAP.org
Subject: Access control restiction error...
From: Matt.Gregory@ctimi.com
Date: Thu, 9 Dec 2004 09:48:03 -0500



Greetings all.

I am seeking help with an access control issue.

I have two directories on a single server.  I am getting the error:

ldap_add: Insufficient access (50)
        additional info: no write access to parent

Here is my slapd.conf file.  Please help if you are able.

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24
23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include           /etc/openldap/schema/core.schema #required core schema
include           /etc/openldap/schema/cosine.schema #X.500 schema and
Cosine
include           /etc/openldap/schema/inetorgperson.schema #useful
internet organisation schema (internal mostly)
#adding some aux schemas
#include          /etc/openldap/schema/openldap.schema #required to fix our
schema...
include           /etc/openldap/schema/rns.schema #CTIMI RNS schema
definition...

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile           /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath      /usr/lib/openldap/openldap
# moduleload      back_bdb.la
# moduleload      back_ldap.la
# moduleload      back_ldbm.la
# moduleload      back_passwd.la
# moduleload      back_shell.la

loglevel 0

#######################################################################
# ldbm database definitions
#######################################################################
# ctimi.com
database    bdb
suffix            "dc=petconnect,dc=com"
rootdn            "cn=Manager,dc=petconnect,dc=com"
rootpw            {MD5}9DcClIuye/yBdzxvuxybHQ==
directory   /var/lib/openldap/petconnect.com
index cn,sn,uid   pres,eq,approx,sub
index objectClass eq

# Sample security restrictions
#     Require integrity protection (prevent hijacking)
#     Require 112-bit (3DES or better) encryption for updates
#     Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#     Root DSE: allow anyone to read it
#     Subschema (sub)entry DSE: allow anyone to read it
#     Other DSEs:
#           Allow self write access
#           Allow authenticated users read access
#           Allow anonymous users to authenticate
#     Directives needed to implement policy:
access to dn.base="" by users read
# access to dn.base="cn=Subschema" by * read
access to *
      by self write
      by users read
      by anonymous auth

access to dn.base="dc=petconnect,dc=com"
      by * read
      by anonymous auth
      by self write

access to dn.one="ou=System Users,dc=petconnect,dc=com"
      by dn.one="ou=System Admins,dc=petconnect,dc=com" write
      by anonymous auth
      by self write
      by users read

access to dn.children="ou=User Groups,dc=petconnect,dc=com"
      by dn.one="ou=System Admins,dc=petconnect,dc=com" write
      by users read

access to dn.one="ou=User Roles,dc=petconnect,dc=com"
      by dn.one="ou=System Admins,dc=petconnect,dc=com" write
      by users read

# cti-pet.com
database    ldbm
suffix            "dc=cti-pet,dc=com"
rootdn            "cn=root,dc=cti-pet,dc=com"
rootpw            <snip> #MD5 hashed
directory   /var/lib/openldap/cti-pet.com
index objectClass eq

Matt Gregory
eBusiness R&D
CTI, Inc.
cell: 865-850-3638
work: 865-218-2767
home: 865-988-5210
ioem: matt.gregory@ctimi.com
ooem: matthew.gregory@skyleach.com
AIM: SkyLeach
MSNM: matt.gregory@ctimi.com
public OpenPGP compliant key:
http://www.skyleach.com/matthew/matt_pub_key.html
OpenPGP information: http://www.openpgp.org
                                                                          
 NOTICE:  This e-mail message and all attachments transmitted with it may 
 contain legally privileged and confidential information intended solely  
 for the use of the addressee.  If the reader of this message is not the  
 intended recipient, you are hereby notified that any reading,            
 dissemination, distribution, copying, or other use of this message or    
 its attachments, hyperlinks, or any other files of any kind is strictly  
 prohibited.  If you have received this message in error, please notify   
 the sender immediately by telephone (865-218-2000) or by a reply to this 
 electronic mail message and delete this message and all copies and       
 backups thereof.
Prev by Date: ldapmon.rb for monitor backend watching
Next by Date: Re: About Openldap Schema Problem.
Index(es):
- Chronological
- Thread