
using ldapmodify and simple authentication



Hello.

Am I correct in understanding that using Simple Authentication with
"ldapmodify" requires that I use a "uid=nnn" struct in the DN of those users
I wish to have the ability to bind with authentication?

Can I get clarity? I'm using "ldapmodify" as such:

cat <<- !! > /tmp/input.$$
dn: uid=mr501,ou=Members,o=MedRepublic,c=US
add: foo
foo: Hello
!!
ldapmodify -v \
     -f /tmp/input.$$ \
     -h develop.medrepublic.com \
     -W \
     -D "uid=mr501,ou=Members,o=MedRepublic,c=US"


With the appropriate ACL definition in the /etc/slapd.conf file, this
works just fine. However, if I store my entities with a DN that does
not contain a "uid=nnn" pattern, I cannot get this to work. I get:

           ldap_modify: Insufficient access

Demonstration of the problem:

1) I created an entry with a DN of: "dn: foo=mr501,ou=Members,o=MedRepublic,c=US".
   This entry is exactly the same as the DN using "uid=mr501" that works above, with
   only the "uid=" changed to "foo=".
2) I modified the following in my /etc/slapd.conf file and reset the
   slapd daemon:
     access to dn=".*,ou=Members,o=MedRepublic,c=US" by dn="foo=mr501,ou=Members,o=MedRepublic,c=US" write
3) I execute the "ldapmodify" command as such:
   ldapmodify -v \
     -f /tmp/input.$$ \
     -h develop.medrepublic.com \
     -W \
     -D "foo=mr501,ou=Members,o=MedRepublic,c=US"
4) Upon entering the password, I get the "ldap_modify: Insufficient access"
   message.


Can anyone identify what I'm overlooking? Am I misinterpreting the
intended implementation of the OpenLDAP Simple authentication model?

-- 
Frank Koenen
Director of Technical Services
Monet Technologies Inc.
Email: fkoenen@virtualmonet.com Voice: 1-312-372-7500 x204 Fax: 1-312-372-6020

Visit us on the web: WWW.VIRTUALMONET.COM