Access control restriction error...
Greetings all.
I am seeking help with an access control issue.
I have two directories on a single server. I am getting the error:
ldap_add: Insufficient access (50)
additional info: no write access to parent
Here is my slapd.conf file. Please help if you are able.
# NOTE(review): global section of the posted slapd.conf: schema includes,
# pid/args file locations and the log level. Bare fragments below such as
# "Cosine" or "definition..." look like tails of trailing comments that were
# wrapped in the mail, not directives -- confirm against the file on disk.
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24
23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): it carries the rootpw values for both databases below, so
# keep it readable only by the account slapd runs as.
#
# NOTE(review): slapd.conf(5) documents comments only as whole lines starting
# with '#'. The trailing "#..." text on the include lines may be handed to the
# directive as extra arguments -- verify this slapd version tolerates it.
include /etc/openldap/schema/core.schema #required core schema
include /etc/openldap/schema/cosine.schema #X.500 schema and
Cosine
include /etc/openldap/schema/inetorgperson.schema #useful
internet organisation schema (internal mostly)
#adding some aux schemas
#include /etc/openldap/schema/openldap.schema #required to fix our
schema...
include /etc/openldap/schema/rns.schema #CTIMI RNS schema
definition...
# Define global ACLs to disable default read access.
# NOTE(review): no global "access" directive actually follows this heading;
# every access rule in this file sits inside the first database section.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# NOTE(review): loglevel 0 turns logging off. While chasing an
# "Insufficient access (50)" result, ACL evaluation can be traced with
# loglevel 128 (access control list processing, see slapd.conf(5)).
loglevel 0
#######################################################################
# ldbm database definitions
#######################################################################
# NOTE(review): first database section. The heading says "ldbm" and the label
# below says "ctimi.com", but the directives declare a bdb backend serving
# suffix dc=petconnect,dc=com.
# ctimi.com
database bdb
suffix "dc=petconnect,dc=com"
rootdn "cn=Manager,dc=petconnect,dc=com"
# NOTE(review): {MD5} is an unsalted digest and this value was posted to a
# public list. Treat the rootdn password as disclosed, change it, and store
# the replacement with a salted scheme (e.g. slappasswd -h {SSHA}). The rootdn
# bypasses all access rules below.
rootpw {MD5}9DcClIuye/yBdzxvuxybHQ==
directory /var/lib/openldap/petconnect.com
index cn,sn,uid pres,eq,approx,sub
index objectClass eq
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# NOTE(review): the "security" line below is commented out, so this file sets
# no minimum SSF; simple binds and updates would be accepted without TLS
# unless that is enforced elsewhere -- confirm.
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# NOTE(review): the policy text above says anyone may read the Root DSE, but
# this rule grants read to authenticated users only. A dn.base="" rule inside
# a database section is presumably never matched, because the Root DSE is not
# under this suffix -- verify.
access to dn.base="" by users read
# access to dn.base="cn=Subschema" by * read
# NOTE(review): slapd checks "access to" directives in file order and stops at
# the first one whose target matches the entry. "access to *" matches every
# entry, so none of the more specific rules after it are ever consulted.
# Effective policy for this database: self write, authenticated read,
# anonymous auth, everyone else none. Nothing grants the System Admins write,
# and adding an entry needs write access to the parent's "children" attribute,
# which is consistent with "no write access to parent". Specific rules have to
# come before the catch-all for them to take effect.
access to *
by self write
by users read
by anonymous auth
# NOTE(review): "by" clauses are also first-match. "by * read" matches every
# subject, so the "anonymous auth" and "self write" clauses after it are
# unreachable even if this rule were consulted.
access to dn.base="dc=petconnect,dc=com"
by * read
by anonymous auth
by self write
# NOTE(review): dn.one targets entries exactly one level below
# ou=System Users; the subject dn.one matches binds whose DN is one level
# below ou=System Admins. Shadowed by "access to *" above as ordered.
access to dn.one="ou=System Users,dc=petconnect,dc=com"
by dn.one="ou=System Admins,dc=petconnect,dc=com" write
by anonymous auth
by self write
by users read
# NOTE(review): dn.children targets everything below ou=User Groups, not the
# ou entry itself. Shadowed by "access to *" above as ordered.
access to dn.children="ou=User Groups,dc=petconnect,dc=com"
by dn.one="ou=System Admins,dc=petconnect,dc=com" write
by users read
# NOTE(review): same pattern for ou=User Roles; shadowed by "access to *"
# above as ordered.
access to dn.one="ou=User Roles,dc=petconnect,dc=com"
by dn.one="ou=System Admins,dc=petconnect,dc=com" write
by users read
# NOTE(review): second database section (ldbm backend, suffix
# dc=cti-pet,dc=com). It contains no "access" directives and the file shows
# no global ones, so per slapd.conf(5) the default applies: anyone may read
# everything (equivalent to "access to * by * read") and only the rootdn may
# write. That would expose any userPassword values to anonymous reads, and an
# ldap_add into this suffix by any DN other than the rootdn would fail with
# insufficient access. Add explicit rules here if that is not intended.
# cti-pet.com
database ldbm
suffix "dc=cti-pet,dc=com"
rootdn "cn=root,dc=cti-pet,dc=com"
# The poster replaced the hash with <snip>; the real file holds the hashed
# value here.
rootpw <snip> #MD5 hashed
directory /var/lib/openldap/cti-pet.com
index objectClass eq
Matt Gregory
eBusiness R&D
CTI, Inc.
cell: 865-850-3638
work: 865-218-2767
home: 865-988-5210
ioem: matt.gregory@ctimi.com
ooem: matthew.gregory@skyleach.com
AIM: SkyLeach
MSNM: matt.gregory@ctimi.com
public OpenPGP compliant key:
http://www.skyleach.com/matthew/matt_pub_key.html
OpenPGP information: http://www.openpgp.org
NOTICE: This e-mail message and all attachments transmitted with it may
contain legally privileged and confidential information intended solely
for the use of the addressee. If the reader of this message is not the
intended recipient, you are hereby notified that any reading,
dissemination, distribution, copying, or other use of this message or
its attachments, hyperlinks, or any other files of any kind is strictly
prohibited. If you have received this message in error, please notify
the sender immediately by telephone (865-218-2000) or by a reply to this
electronic mail message and delete this message and all copies and
backups thereof.