
unknown LDAP result code (-30990): using groups to manage ACL's (ITS#2943)



Full_Name: Chris Paul
Version: 2.1.25
OS: Linux kernel 2.4.20-8smp (RedHat 9)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (206.15.87.2)


I'm trying to follow the instructions from the Faq-o-Matic ("How do I use groups
as manage access controls?").

This is OpenLDAP 2.1.25 with BDB 4.2.52 running on Linux kernel 2.4.20-8smp
(RedHat 9). It is a fresh database. I just imported all the records. I created a
"groupofNames" object:

dn: cn=Adminstrators,dc=company,dc=com
cn: Adminstrators
objectClass: groupOfNames
objectClass: top
member: uid=chris,ou=people,ou=corporate,dc=company,dc=com

I try the following command:

ldapmodify -v -ZZ -x -w password -D \
uid=chris,ou=people,ou=corporate,dc=company,dc=com -f entry

I get this result:

ldap_initialize( <DEFAULT> )
replace userPassword:
        changeme
modifying entry "uid=test,ou=People,ou=Corporate,dc=company,dc=com"
ldapmodify: update failed:
uid=test,ou=People,ou=Corporate,dc=company,dc=com
ldap_modify: unknown LDAP result code (-30990)

Contents of "entry":

dn: uid=test,ou=People,ou=Corporate,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: changeme

My backend definitions:

#######################################################################
# bdb database definitions
#######################################################################

database        bdb
directory       /var/lib/ldap
suffix          "dc=company,dc=com"
rootdn          "cn=Manager,dc=company,dc=com"
rootpw          password

replica host=anotherserver.company.com:389
        tls=critical
        suffix="dc=company,dc=com"
        binddn="cn=Manager,dc=company,dc=com"
        bindmethod=simple credentials=test
replogfile      /var/lib/ldap/master-slapd.replog

# Indices to maintain
index   objectClass             pres,eq
index   cn,sn,uid               eq
index   uidNumber,gidNumber,memberUid   eq
index   oncRpcNumber,ipServicePort      eq
index   ipNetworkNumber,ipHostNumber    eq

access to attr=shadowLastChange
        by dn.base="cn=Manager,dc=company,dc=com" write
        by group.base="cn=Administrators,dc=company,dc=com" write
        by self write
        by * compare

access to attr=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Manager,dc=company,dc=com" write
        by group.base="cn=Administrators,dc=company,dc=com" write
        by * compare

access to dn.children="ou=Customers,dc=company,dc=com"
      by self write
      by group="cn=Administrators,dc=company,dc=com" write
      by users read
      by * read

access to *
        by self write
        by dn.base="cn=Manager,dc=company,dc=com" write
        by users read
        by * read
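
The group entry in the report above is named cn=Adminstrators, while the access clauses reference cn=Administrators. The following is an added example, not part of the original submission or of OpenLDAP: it cross-checks the literal group DNs used in slapd.conf ACLs against the groupOfNames entries in an LDIF export. The function names, the excerpted sample input and the simplified DN normalisation are assumptions made for illustration.

```python
import re

# Constructed sample input: ACL lines excerpted from the report, and its group entry.
SLAPD_CONF = """\
access to attr=userPassword
        by self write
        by group.base="cn=Administrators,dc=company,dc=com" write
access to dn.children="ou=Customers,dc=company,dc=com"
      by group="cn=Administrators,dc=company,dc=com" write
"""
LDIF = """\
dn: cn=Adminstrators,dc=company,dc=com
cn: Adminstrators
objectClass: groupOfNames
objectClass: top
member: uid=chris,ou=people,ou=corporate,dc=company,dc=com
"""

# Matches: by group[/objectclass[/attr]][.style]=<dn>, with the DN quoted or bare.
GROUP_RE = re.compile(r'\bby\s+group(?:/[^./=\s]+){0,2}(?:\.(\w+))?=(?:"([^"]+)"|(\S+))', re.I)

def norm_dn(dn):
    # Simplified normalisation (assumption: no escaped commas, no multi-valued RDNs).
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldif_group_dns(ldif):
    # Normalised DNs of groupOfNames entries (assumes no folded lines, no base64 "dn::").
    groups = set()
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        pairs = [l.split(":", 1) for l in entry.splitlines() if ":" in l and not l.startswith("#")]
        attrs = [(k.strip().lower(), v.strip()) for k, v in pairs]
        if ("objectclass", "groupofnames") in [(k, v.lower()) for k, v in attrs]:
            groups.update(norm_dn(v) for k, v in attrs if k == "dn")
    return groups

def missing_groups(conf, ldif):
    # (line number, DN) for each literal group DN in an ACL with no matching group entry.
    known, missing = ldif_group_dns(ldif), []
    for n, line in enumerate(conf.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        for style, quoted, bare in GROUP_RE.findall(line):
            dn = quoted or bare
            # Only literal DNs can be checked; regex/expand styles are skipped.
            if style.lower() in ("", "base", "exact") and norm_dn(dn) not in known:
                missing.append((n, dn))
    return missing

print(missing_groups(SLAPD_CONF, LDIF))
```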