Re: requesting clarification of use of config backend
On Mon, Sep 12, 2005 at 03:47:12PM -0700, Howard Chu wrote:
> The config database currently does not honor ACLs; it is hardcoded to
> only allow access to the rootdn.
I'm having a problem with this (ol-2.3.7). I get back an "insufficient access"
error when attempting to modify an entry under cn=config as its rootdn.
The config portion from slapd.conf is this:
"""
database config
rootdn "uid=andreas,cn=digest-md5,cn=auth"
database bdb
suffix "o=company,c=br"
rootdn "cn=Manager,o=company,c=br"
rootpw password
(...)
"""
The only acl lines are below the "database bdb" definition and all begin with
"access to dn.subtree="o=company,c=br" ...
I migrated this file to slapd.d and started slapd. Logging in as the
cn=config rootdn and trying to change a config parameter gives me this
(slapd -d 128 output):
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "entry" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDatabase" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcSuffix" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcAccess" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcLastMod" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcMaxDerefDepth" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcReadOnly" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcRootDN" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcRootPW" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbDirectory" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbCacheSize" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbCheckpoint" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbConfig" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbNoSync" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbDirtyRead" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbIDLcacheSize" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbIndex" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbLinearIndex" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbMode" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbSearchStack" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcDbShmKey" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "olcLimits" requested
<= root access granted
=> access_allowed: backend default write access denied to "uid=andreas,cn=digest-md5,cn=auth"
The client gets back an "insufficient access" error. Is this a bug or am I doing something wrong?
/etc/openldap/slapd.d is mode 0750 owner ldap and all files under it are owned by ldap.
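
Added example, not part of the original message or of OpenLDAP: a small Python parser for the `slapd -d 128` trace format shown above, which tallies root-granted checks per entry and isolates the denial line so it is not lost among the grants. The function and variable names are hypothetical, and the sample input is a few lines copied from the trace in this message.

```python
import re
from collections import Counter

# Line shapes taken from the trace in the message above.
REQUEST = re.compile(
    r'^=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested$')
DEFAULT_DENY = re.compile(
    r'^=> access_allowed: backend default (\w+) access denied to "([^"]*)"$')
ROOT_GRANT = "<= root access granted"


def summarize_acl_trace(lines):
    """Tally root-granted checks per (level, entry) and collect denials."""
    grants, denials, pending = Counter(), [], None
    for raw in lines:
        line = raw.strip()
        m = REQUEST.match(line)
        if m:
            pending = m.groups()          # (level, entry DN, attribute)
            continue
        if line == ROOT_GRANT and pending:
            grants[pending[:2]] += 1      # key on (level, entry DN)
            pending = None
            continue
        m = DEFAULT_DENY.match(line)
        if m:
            # The trace attributes this decision to the backend default.
            denials.append({"level": m.group(1), "who": m.group(2),
                            "source": "backend default"})
            pending = None
    return grants, denials


# Sample input: lines copied from the trace above (first two checks + last line).
SAMPLE = """\
=> access_allowed: search access to "olcDatabase={1}bdb,cn=config" "objectClass" requested
<= root access granted
=> access_allowed: read access to "olcDatabase={1}bdb,cn=config" "entry" requested
<= root access granted
=> access_allowed: backend default write access denied to "uid=andreas,cn=digest-md5,cn=auth"
""".splitlines()

if __name__ == "__main__":
    grants, denials = summarize_acl_trace(SAMPLE)
    for (level, entry), n in sorted(grants.items()):
        print(f"granted  {level:<6} x{n}  {entry}")
    for d in denials:
        print(f"DENIED   {d['level']:<6} to {d['who']} ({d['source']})")
```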