Re: Error modifying uid or dn with ldapmodify (Naming violation (64) value of naming attribute 'uid' is not present in entry)
darkxer0x writes:
> Thank you very much.
> But, I have another problem, what is the ACL to permit "seff" to
> change dn?

"man slapd.access" says:

    The modrdn operation requires write (=w) privileges on the
    pseudo-attribute entry of the entry whose relative DN is being
    modified, write (=w) privileges on the pseudo-attribute children of
    the old and new entry's parents, and write (=w) privileges on the
    attributes that are present in the new relative DN. Write (=w)
    privileges are also required on the attributes that are present in
    the old relative DN if deleteoldrdn is set to 1.

Thus you'll need something like

    # hide passwords, but allow users to update their own
    access to attrs=userPassword by self =wx by * auth

    # allow users to add/delete/move entries directly below dc=dominio
    access to dn="dc=dominio" attrs=children
        by dn.onelevel="dc=dominio" write

    # allow users to write their own entries and everyone to read
    # everything else
    access to * by self write by * read

> I've tried in slapd.conf:
> access to dn.base="" by self write
This tries to grant access to the single entry with DN "", which is not
a user entry but a special entry that describes the LDAP server.
Also it doesn't grant any access to anyone but 'self'.
Maybe you meant

    access to * by self write by * read

or something like

    access to dn.subtree=<some DN> by self write by * read

> This doesn't work
It would help if you said which error message you receive (where slapd
tries to _tell_ you why it failed), but here is a guess:
> I've read some howto about ldapmodrdn and all of them say: -D
> "Directory Manager",
Hopefully they don't, since that's not a valid DN. It would
be something like

    -D "cn=Directory Manager,dc=dominio"

assuming your slapd.conf includes something like

    database bdb
    suffix "dc=dominio"
    rootdn "cn=Directory Manager,dc=dominio"
    rootpw <some password, possibly encrypted with sbin/slappasswd>

A database's rootdn is a special DN you can bind as which
has full access to the database regardless of access control,
and which does not need to exist in the database - which is
why you can specify its password in slapd.conf instead.
--
Hallvard
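
Added example, not part of the message above and not OpenLDAP code: a small Python helper that turns the slapd.access rule quoted in the message into the concrete list of write checks a given rename has to pass, which helps when working out which ACL line is missing. The function names and the sample DN uid=seff,dc=dominio are constructed for illustration, and the attribute checks are assumed to apply to the entry being renamed.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash.
    Assumption: no quoted values and no escaped backslash before sep."""
    return [p.strip() for p in re.split(r'(?<!\\)' + re.escape(sep), text)]

def rdn_attrs(rdn):
    """Attribute types named in an RDN; multi-valued RDNs are joined by '+'."""
    return sorted({ava.split('=', 1)[0].strip().lower()
                   for ava in split_unescaped(rdn, '+')})

def modrdn_required_access(dn, newrdn, deleteoldrdn, newsuperior=None):
    """Return the set of (entry DN, attribute, level) checks for a modrdn,
    following the slapd.access paragraph quoted in the message."""
    parts = split_unescaped(dn, ',')
    old_rdn, old_parent = parts[0], ','.join(parts[1:])
    new_parent = newsuperior if newsuperior is not None else old_parent
    need = {
        (dn, 'entry', 'write'),               # the entry being renamed
        (old_parent, 'children', 'write'),    # old parent
        (new_parent, 'children', 'write'),    # new parent (may be the same)
    }
    # attributes present in the new relative DN
    need |= {(dn, attr, 'write') for attr in rdn_attrs(newrdn)}
    # attributes in the old relative DN, only when deleteoldrdn is 1
    if deleteoldrdn:
        need |= {(dn, attr, 'write') for attr in rdn_attrs(old_rdn)}
    return need

if __name__ == '__main__':
    # Constructed sample: rename uid=seff to uid=jeff below dc=dominio.
    checks = modrdn_required_access('uid=seff,dc=dominio', 'uid=jeff', 1)
    for target, attr, level in sorted(checks):
        print(f'{level:5} on {attr!r:12} of {target}')
```

Each tuple it returns corresponds to one thing an "access to ... by ..." line has to grant to the bound DN.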