Re: ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'}

[Clément OUDOT <clement.oudot@savoirfairelinux.com>]

Le 19/11/2015 19:43, Andrei Valoshyn a écrit :
> Hello!
> I have slapd 2.4.39 and python 2.6
> I tried to create an user via python when I tried do that with root 
> permission - it's OK. But when I did this with config in slapd.conf 
> "access to * by 
> group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write"
>
> I have an error " ERR_employeeadd  {'info': 'modifications require 
> authentication', 'desc': 'Strong(er) authentication required'} "
>
> I tried to use " l.protocol_version = ldap.VERSION{2,3} " via 389 port
> My function for adding ldif is :
> l = ldap.initialize(server)
> l.simple_bind(username, ldapsrvpassword)
> def employeeadd():
>         ldif = modlist.addModlist(attrs)
>         l.add_s(dn,ldif)
>
> Will be very appreciate for any help


Hello Andrei,

I suppose that the username you use is a member of 
cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com, but which 
objectClass did you use in your group? By default, the OpenLDAP ACL 
system will use groupOfNames, searching user in the member attribute. If 
you have for example a groupOfUnixNames, you need to set your ACL like 
this:

access to * by 
group/groupOfUniqueNames/uniqueMember.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" 
write

--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux