Re: unknown LDAP result code (-30990): using groups to manage ACL's (ITS#2943)
I've updated OPENLDAP_REL_ENG_2_1 to abort if the result
code to return is negative. The patch is available at:
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/result.c.diff?r1=1.130.2.23&r2=1.130.2.24&hideattic=1&sortbydate=0
Please run this and, after it aborts, use a debugger to
produce a stack back trace (gdb(1) 'bt'). This will help
us isolate the problem.
Thanks, Kurt
At 10:51 AM 1/30/2004, chris.paul@sentinare.net wrote:
>Full_Name: Chris Paul
>Version: 2.1.25
>OS: Linux kernel 2.4.20-8smp (RedHat 9)
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (206.15.87.2)
>
>
>I'm trying to follow the instructions from the Faq-o-Matic ("How do I use groups
>as manage access controls?").
>
>This is OpenLDAP 2.1.25 with BDB 4.2.52 running on Linux kernel 2.4.20-8smp
>(RedHat 9). It is a fresh database. I just imported all the records. I created a
>"groupofNames" object:
>
>dn: cn=Adminstrators,dc=company,dc=com
>cn: Adminstrators
>objectClass: groupOfNames
>objectClass: top
>member: uid=chris,ou=people,ou=corporate,dc=company,dc=com
>
>I try the following command:
>
>ldapmodify -v -ZZ -x -w password -D \
>uid=chris,ou=people,ou=corporate,dc=company,dc=com -f entry
>
>I get this result:
>
>ldap_initialize( <DEFAULT> )
>replace userPassword:
> changeme
>modifying entry "uid=test,ou=People,ou=Corporate,dc=company,dc=com"
>ldapmodify: update failed:
>uid=test,ou=People,ou=Corporate,dc=company,dc=com
>ldap_modify: unknown LDAP result code (-30990)
>
>Contents of "entry":
>
>dn: uid=test,ou=People,ou=Corporate,dc=company,dc=com
>changetype: modify
>replace: userPassword
>userPassword: changeme
>
>My backend definitions:
>
>#######################################################################
># bdb database definitions
>#######################################################################
>
>database bdb
>directory /var/lib/ldap
>suffix "dc=company,dc=com"
>rootdn "cn=Manager,dc=company,dc=com"
>rootpw password
>
>replica host=anotherserver.company.com:389
> tls=critical
> suffix="dc=company,dc=com"
> binddn="cn=Manager,dc=company,dc=com"
> bindmethod=simple credentials=test
>replogfile /var/lib/ldap/master-slapd.replog
>
># Indices to maintain
>index objectClass pres,eq
>index cn,sn,uid eq
>index uidNumber,gidNumber,memberUid eq
>index oncRpcNumber,ipServicePort eq
>index ipNetworkNumber,ipHostNumber eq
>
>access to attr=shadowLastChange
> by dn.base="cn=Manager,dc=company,dc=com" write
> by group.base="cn=Administrators,dc=company,dc=com" write
> by self write
> by * compare
>
>access to attr=userPassword
> by self write
> by anonymous auth
> by dn.base="cn=Manager,dc=company,dc=com" write
> by group.base="cn=Administrators,dc=company,dc=com" write
> by * compare
>
>access to dn.children="ou=Customers,dc=company,dc=com"
> by self write
> by group="cn=Administrators,dc=company,dc=com" write
> by users read
> by * read
>
>access to *
> by self write
> by dn.base="cn=Manager,dc=company,dc=com" write
> by users read
> by * read
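
An added example, not part of the original messages and not OpenLDAP code: a small Python lint that lists the DNs named in `by group...` clauses of slapd access rules that have no matching groupOfNames entry in an LDIF export, a check worth running when setting up group-based ACLs as in the report above. The sample data is constructed from the quoted configuration; the function names, the requirement that DNs be double-quoted, and the simplified DN normalization are assumptions.

```python
import re

# Constructed sample input, abridged from the configuration quoted in the thread.
SLAPD_CONF = '''\
access to attr=userPassword
 by self write
 by anonymous auth
 by dn.base="cn=Manager,dc=company,dc=com" write
 by group.base="cn=Administrators,dc=company,dc=com" write
 by * compare
access to dn.children="ou=Customers,dc=company,dc=com"
 by self write
 by group="cn=Administrators,dc=company,dc=com" write
 by users read
'''
LDIF = '''\
dn: cn=Adminstrators,dc=company,dc=com
cn: Adminstrators
objectClass: groupOfNames
objectClass: top
member: uid=chris,ou=people,ou=corporate,dc=company,dc=com
'''

def norm_dn(dn):
    """Simplified DN normalization: case-fold, trim space around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def acl_group_dns(conf):
    """Return DNs named in 'by group[...]="..."' clauses, de-duplicated, in order."""
    pattern = r'^\s*by\s+group[^=\s]*=\s*"([^"]+)"'
    return list(dict.fromkeys(re.findall(pattern, conf, re.M)))

def ldif_group_dns(ldif):
    """Return normalized DNs of LDIF entries whose objectClass is groupOfNames."""
    groups = set()
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        dn = re.search(r"^dn:\s*(.+)$", entry, re.M)
        if dn and re.search(r"^objectClass:\s*groupOfNames\s*$", entry, re.M | re.I):
            groups.add(norm_dn(dn.group(1)))
    return groups

def unresolved_groups(conf, ldif):
    """ACL group DNs with no matching groupOfNames entry in the LDIF."""
    known = ldif_group_dns(ldif)
    return [dn for dn in acl_group_dns(conf) if norm_dn(dn) not in known]

if __name__ == "__main__":
    for dn in unresolved_groups(SLAPD_CONF, LDIF):
        print("ACL references group with no matching entry:", dn)
```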