
Configuration of Single user causes



Thanks for all your help so far. I got quite a bit further.

This is my slapd.conf file

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/apple.schema
include         /etc/openldap/schema/netinfo.schema

access to dn.subtree="o=j2anywhere,c=uk"
        by dn.base="cn=addressbook,o=j2anywhere,c=uk" write
        by * auth

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
allows          bind_v2
schemacheck     off
database        bdb
suffix          "o=j2anywhere,c=uk"
rootdn          "cn=ldapadmin,o=j2anywhere,c=uk"
rootpw          {SSHA}IcOR4sPEa52fanHppctqrP2Wiodd2+Df
directory       /var/db/openldap/addressbook-data
index           objectClass eq

And I am able to access my directory as follows:

ldapsearch -D "cn=addressbook,o=j2anywhere,c=uk" -w password -x -b "ou=people,o=j2anywhere,c=uk" sn=...

However, if I change my configuration to

access to dn.subtree="ou=people,o=j2anywhere,c=uk"
        by dn.base="cn=addressbook,o=j2anywhere,c=uk" write
        by * auth

I get an error

ldapsearch -D "cn=addressbook,o=j2anywhere,c=uk" -w password -x -b "ou=people,o=j2anywhere,c=uk" sn=Tom
ldap_bind: Insufficient access (50)


Now I am getting confused. I am specifying the DN to which I want to give access and its children with dn.subtree. I had a look at the FAQ,
http://www.openldap.org/faq/data/cache/55.html and http://www.openldap.org/faq/data/cache/171.html.


Thanks
Alex
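
A simplified model of how slapd evaluates the two access rules from the message above, added here as an illustration; it is not part of the original post and not OpenLDAP's code. It models first-match evaluation, the implicit final `access to * by * none`, and the auth access a simple bind needs on the bind DN's own entry; the entry `cn=Tom,ou=people,o=j2anywhere,c=uk` is constructed.

```python
# Added example: toy model of slapd ACL evaluation for the two rules in the post.
# Only dn.subtree targets, exact-DN or "*" requesters, and a subset of access
# levels are modelled; real slapd supports much more.

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Once any access directive exists, slapd ends the list with this rule.
IMPLICIT_DENY = ("*", [("*", "none")])

BIND_DN = "cn=addressbook,o=j2anywhere,c=uk"
# First configuration in the post: rule covers the whole suffix.
WIDE = [("o=j2anywhere,c=uk", [(BIND_DN, "write"), ("*", "auth")])]
# Second configuration: rule covers only ou=people.
NARROW = [("ou=people,o=j2anywhere,c=uk", [(BIND_DN, "write"), ("*", "auth")])]

def norm(dn):
    """Lower-case and strip spaces around RDNs so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base):
    """dn.subtree semantics: the base entry itself or anything below it."""
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def granted_level(acls, target_dn, requester_dn):
    """Level given by the first rule whose target matches target_dn.

    requester_dn is None for an anonymous (not yet bound) session.
    """
    for what, by_clauses in acls + [IMPLICIT_DENY]:
        if what != "*" and not in_subtree(target_dn, what):
            continue  # this rule does not cover the target, try the next one
        for who, level in by_clauses:
            if who == "*" or (requester_dn and norm(who) == norm(requester_dn)):
                return level
        return "none"  # target matched but no by-clause did

def can_simple_bind(acls, bind_dn):
    """Binding is checked as anonymous needing 'auth' on the bind entry."""
    level = granted_level(acls, bind_dn, None)
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    for name, acls in (("suffix-wide rule", WIDE), ("ou=people rule", NARROW)):
        print(name, "-> bind allowed:", can_simple_bind(acls, BIND_DN))
```

With the narrowed rule the bind entry `cn=addressbook,o=j2anywhere,c=uk` sits outside `ou=people`, so it matches only the implicit deny and the bind is refused before the write grant on `ou=people` is ever consulted.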