
Re: ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'}





On 19/11/2015 19:43, Andrei Valoshyn wrote:
Hello!
I have slapd 2.4.39 and Python 2.6.
I tried to create a user via Python. When I tried to do that with root permission, it was OK. But when I did this with the config in slapd.conf "access to * by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write"

I got an error " ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'} "

I tried to use " l.protocol_version = ldap.VERSION{2,3} " via port 389.
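My function for adding the LDIF is:
# imports needed by the calls below
import ldap
import ldap.modlist as modlist

l = ldap.initialize(server)
l.simple_bind(username, ldapsrvpassword)
def employeeadd():
    # build the add modlist from the attribute dict, then add the entry
    ldif = modlist.addModlist(attrs)
    l.add_s(dn, ldif)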

I would very much appreciate any help.



Hello Andrei,

I suppose that the username you use is a member of cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com, but which objectClass did you use in your group? By default, the OpenLDAP ACL system will use groupOfNames, searching for the user in the member attribute. If you have, for example, a groupOfUniqueNames, you need to set your ACL like this:

access to * by group/groupOfUniqueNames/uniqueMember.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
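
The check described in the reply above, as an added example that is not part of the original thread: given a group entry in the {attribute: [values]} shape python-ldap returns from a search, it picks the matching "by group" form and reports whether the bind DN is listed as a member. The function names, the simplified DN comparison and the sample member DN are assumptions made for the example.

```python
# objectClass (lowercased) -> (schema name, membership attribute).
# groupOfNames/member is what a bare "by group" clause checks.
GROUP_FORMS = {
    "groupofnames": ("groupOfNames", "member"),
    "groupofuniquenames": ("groupOfUniqueNames", "uniqueMember"),
}


def _values(attrs, name):
    """Values of an attribute, matched case-insensitively, decoded to str."""
    for key, vals in attrs.items():
        if key.lower() == name.lower():
            return [v.decode("utf-8") if isinstance(v, bytes) else v for v in vals]
    return []


def _norm_dn(dn):
    """Simplified DN comparison (assumption): lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def group_acl(group_dn, attrs, bind_dn):
    """Return (acl_line, bind_dn_is_member) for one group entry."""
    classes = {c.lower() for c in _values(attrs, "objectClass")}
    for key, (oc, member_attr) in GROUP_FORMS.items():
        if key in classes:
            break
    else:
        raise ValueError("no supported group objectClass on %s" % group_dn)

    if oc == "groupOfNames":
        who = 'group.exact="%s"' % group_dn
    else:
        who = 'group/%s/%s.exact="%s"' % (oc, member_attr, group_dn)

    members = {_norm_dn(m) for m in _values(attrs, member_attr)}
    return "access to * by %s write" % who, _norm_dn(bind_dn) in members


# Constructed sample entry; the member DN is made up for the example.
GROUP_DN = "cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com"
SAMPLE = {
    "objectClass": [b"top", b"groupOfUniqueNames"],
    "uniqueMember": [b"uid=jdoe,ou=People,dc=exadel,dc=com"],
}

if __name__ == "__main__":
    print(group_acl(GROUP_DN, SAMPLE, "uid=jdoe, ou=People, dc=exadel, dc=com"))
```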