[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: what is wrong with my permissions?

To: Ferenc Wagner <wferi@niif.hu>
Subject: Re: what is wrong with my permissions?
From: Igor Shmukler <igor.shmukler@gmail.com>
Date: Thu, 19 Mar 2015 22:09:01 +0200
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=nfosg5ebIwIzL4QevMlpAv5LU0swUp48enGVg3WEpI0=; b=Qmwu8leP2mFRpgXDxGIBW2h80ul1ltAGg4S7sO8XxczuV20vaiOMhbUs6iTifxlRvh mcpoE0GMuU8CUMXePEx2WOfg2KgHTmICVTRzPNAOhVKIbPLaCOIXtUpcCaP8BeKjxTif bCsi+iNDXCjVqZnX12E8Uj5GGxLK5cHwZuLBRM9BRVD+lcl2jATggQUbFpXBb2j8HBMX VXjVoQn63HbdnwVTgrj1M6CUuC5BctwMaJDm4masFVW+RV0SY0/4PUCNRUh3ZB2nvoeo xPpzMgfd2bwIzRX688s8TTPohX1LzhFmaUsYUpa3SO1W2IrUY1mXRz5FTIHNFkAtoYxy isxw==
In-reply-to: <878uesepj5.fsf@lant.ki.iif.hu>
References: <CAA1SNA3S1dySN1BWw7fHv2f21ZU6i4pG0rPWHaJ9LpnuUbYNig@mail.gmail.com> <873851j33t.fsf@lant.ki.iif.hu> <CAA1SNA1aVtzJqAYnXZX5YrchgFwFgREE7wyR=PwjKe5AcNYG1g@mail.gmail.com> <87oanpfanj.fsf@lant.ki.iif.hu> <CAA1SNA2rh4Wz9Yh7ksb8XkwjEgjjLqgQWDjw--j3WSiwRVR3BQ@mail.gmail.com> <874mphf8r8.fsf@lant.ki.iif.hu> <CAA1SNA1h-FRxM=+MHqnTVncZscj-CS5avHbT4NvqcRMnh+_zMA@mail.gmail.com> <CAA1SNA08tKjsMFuDj2tVCMRCLbwQfPzn85B6Ob7Q0u_NABePpg@mail.gmail.com> <878uesepj5.fsf@lant.ki.iif.hu>

Hello Ferenc,

> There is a double comma here.  But the problem is that this line will
> always terminate the ACL processing, because "to * ... by * read" always
> matches.
>
>> olcAccess: {3}to * by dn.exact=cn=config
>
> This line is never reached.  Move it to the front instead:
>
> olcAccess: {0}to * by dn.exact=cn=config
> olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
> olcAccess: {2}to dn.base="" by * read
> olcAccess: {3}to * by self write by * read

I am still confused why script terminates and the line is never
reached. Either way, I am still getting the error:
ldap_delete: Insufficient access (50)
additional info: no write access to parent

Is there something that I could check to figure what is wrong?

Sincerely,

Igor Shmukler

References:
- what is wrong with my permissions?
  - From: Igor Shmukler <igor.shmukler@gmail.com>
- Re: what is wrong with my permissions?
  - From: Ferenc Wagner <wferi@niif.hu>
- Re: what is wrong with my permissions?
  - From: Igor Shmukler <igor.shmukler@gmail.com>
- Re: what is wrong with my permissions?
  - From: Ferenc Wagner <wferi@niif.hu>
- Re: what is wrong with my permissions?
  - From: Igor Shmukler <igor.shmukler@gmail.com>
- Re: what is wrong with my permissions?
  - From: Ferenc Wagner <wferi@niif.hu>
- Re: what is wrong with my permissions?
  - From: Igor Shmukler <igor.shmukler@gmail.com>
- Re: what is wrong with my permissions?
  - From: Igor Shmukler <igor.shmukler@gmail.com>
- Re: what is wrong with my permissions?
  - From: Ferenc Wagner <wferi@niif.hu>

Prev by Date: Re: what is wrong with my permissions?
Next by Date: Re: OpenLDAP permissions question
Index(es):
- Chronological
- Thread