Re: Permission issue for normal user with ldap

Re: Permission issue for normal user with ldap_add

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>, "vvv jjj" <vvvjjj0@yahoo.co.in>

Subject: Re: Permission issue for normal user with ldap_add

From: Martin Stejskal <mstejskal@alps.cz>

Date: Thu, 19 Jan 2017 07:00:42 +0000

Accept-language: en-GB, ja-JP, en-US

Authentication-results: spf=none (sender IP is ) smtp.mailfrom=mstejskal@alps.cz;

Content-language: en-GB

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alpsgroup.onmicrosoft.com; s=selector1-alps-cz; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8NxnH2S38zoaqNLf8vplu/wMEM/H7DXB+TpHxue00bQ=; b=dIoRlBpZX99o9pMPN8VBkWL9KsQqlxNgB6FYEXDMCRlag+Y2iuNtqgxl5iZumPhLAxOLc6i83nSsbQDoplDjXhNtLjk8Pv1cY73bMPk9jS8sSOetPhNQQ3iR9n9JdQqRp183N8jy7H6yqdJ+7h0PPS0xu5N1coYHgN0tyRd+DNs=

In-reply-to: <636152837.208170.1484800654966@mail.yahoo.com>

References: <636152837.208170.1484800654966.ref@mail.yahoo.com>, <636152837.208170.1484800654966@mail.yahoo.com>

Spamdiagnosticmetadata: NSPM

Spamdiagnosticoutput: 1:99

Thread-index: AQHScg31eo689tdvmkWhICfJdH9mVKE/XbaS

Thread-topic: Permission issue for normal user with ldap_add

Hi,

first of all, I'm newbie in LDAP too, but I think that under root you're using different type of authentication. Maybe you can post your commands, so we can see what are you actually doing.

From my experience: if you use parameters "-Y EXTERNAL" you're authenticate as actual Linux user. But when you're using "-D "cn=admin,dc=example,dc=com" " you'll authenticate as LDAP's "admin" user. If you want to add new database (to cn=config), you will probably need Linux root user. But when you want to modify database, you need LDAP's admin user (at least this is the way I understand LDAP).

Best regards

Martin Stejskal

From: openldap-technical <openldap-technical-bounces@openldap.org> on behalf of vvv jjj <vvvjjj0@yahoo.co.in>
Sent: 19 January 2017 05:37:34
To: openldap-technical@openldap.org
Subject: Permission issue for normal user with ldap_add

Hi OpenLDAP team,

I'm new to openLDAP. So this could be a trivial question, please let me know if I missed anything.

I'm trying to add entries to "dc=example,dc=com" using ldap_add. It is working fine for super user (root), but we are getting permission error for normal user (non root).

I'm able to update with ldap_modify for normal user.

Could you please let me know how can we give permissions to any specific user to add entries using ldap_add.

Thanks in advance.

Regards
J.Visu