[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL problem in slapd.conf

To: openldap-software@openldap.org
Subject: ACL problem in slapd.conf
From: Tomasz Chmielewski <mangoo@wpkg.org>
Date: Fri, 04 Sep 2009 12:02:46 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090830)

I would like to allow a user to edit everything in a given subtree.


For example, I would like to allow uid=Operator,ou=Users,dc=example,dc=com to edit all entries which are in *,ou=Users,dc=example,dc=com.


I tried to follow http://www.zytrax.com/books/ldap/ch6/#access to set up access for that user, but I keep getting "insufficient access".

onn=5 fd=15 ACCEPT from IP=127.0.0.1:46917 (IP=0.0.0.0:389)
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" method=128
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" mech=SIMPLE ssf=0
conn=5 op=0 RESULT tag=97 err=0 text=
conn=5 op=1 DEL dn="uid=d.user3,ou=Users,dc=example,dc=com"
conn=5 op=1 RESULT tag=107 err=50 text=no write access to entry




My rule in slapd.conf is:

access to dn="ou=Users,dc=example,dc=com"
   by dn="uid=Operator,ou=Users,dc=example,dc=com" write
   by dn="uid=Operator,ou=Users,dc=example,dc=com" read


I also tried to use:

access to dn.subtree="ou=Users,dc=example,dc=com"
  ...

But then I'm not even able to connect.


--
Tomasz Chmielewski
http://wpkg.org

Follow-Ups:
- Re: ACL problem in slapd.conf
  - From: Lepoutre Lionel <leplio@gmail.com>
- Re: ACL problem in slapd.conf
  - From: Thomas van Oudenhove <vanouden@univ-toulouse.fr>
- Re: ACL problem in slapd.conf
  - From: Jonathan Clarke <jonathan@phillipoux.net>
- Re: ACL problem in slapd.conf
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Assertion failure in ldapsearch
Next by Date: Using SASL OTP
Index(es):
- Chronological
- Thread