
(ITS#4552) Cannot add a dc=net with a rootdn equivalent account



Full_Name: Ashish Gawarikar
Version: 2.3.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (63.211.143.38)


This seems to be a regression from openldap 2.1.x which was the last one I
used.

Here is the part of slapd.conf:
----

access to *
        by group/smiAdminGroupOfNames="cn=Directory Site Administrators,ou=SMI Administrators,dc=admin,dc=local" write stop
        by * break

#rootdn  "cn=Manager"
#rootpw  whatever

suffix          ""

----

I generally keep the rootdn/rootpw commented and use a member of the group
Site Administrators to add a new account. A new domain "x.com" can be added if
the dc=com entry pre-exists. If dc=com does not pre-exist, I cannot add the x.com
domain using the member of the group Site Administrators.

Here is what I get:

# /usr/local/openldap/bin/ldapadd -Z -H ldap://:389/ -x -c -D uid=admin,ou=sysAccounts,dc=admin,dc=local -w dmin < /justnet
adding new entry "dc=net"
ldap_add: No such object (32)

dn: dc=net
objectClass: top
objectClass: domain
dc: net


This used to work with openldap 2.0.x and 2.1.x.

So I need to add the TLD using rootdn/rootpw, else I am never able to add any
TLDs using the equivalent account. I have disabled the rootdn/rootpw access for
security purposes.