Re: Access Control
On Fri, 2002-12-27 at 22:00, eculp@encontacto.net wrote:
> Quoting Matty <mattyml@bellsouth.net>:
>
> | Howdy folks,
> |
> | I have been mucking with Access Control for the past day and 1/2, and
> | cannot seem to get a cn to authenticate. I created several
> | contact objects, and a cn named email [1] which I want to allow
> | read/write access to a specific branch of my DIT. After reading through
> | the docs on www.openldap.org, I thought:
> |
> | access to dn="ou=contacts,dc=dom,dc=com"
> | by dn="cn=email,dc=dom,dc=com" write
> |
> | would allow email to read/write to the contacts branch of the tree. When
> | I run ldapsearch:
> |
> | $ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
> | 'ou=contacts,dc=dom,dc=com' '(cn=*)'
> Matty,
>
> Have you tried
>
> ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -W -b
> 'ou=contacts,dc=dom,dc=com' '(cn=*)'
>
I still get Insufficient privs when running this (I don't believe 2.1.X
supports -x, or at least I don't see it in the man page). Without
the access portion in my slapd.conf, I cannot connect. Still not sure
why I have to have this though.
> or
>
> ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -w password -b
> 'ou=contacts,dc=dom,dc=com' '(cn=*)'
>
> I am assuming that the cn=email,dc=dom,dc=com has a password defined.
>
> ed
>
> |
> | I get:
> |
> | Bind Password:
> | ldap_simple_bind_s: Insufficient access
> |
> | Anyone happen to know what I am missing? I have experimented with
> | various things I found on google, but so far, no luck :(
> |
> | Thanks for any insight,
> | Ryan
> |
> | [1]
> | dn: cn=email,dc=dom,dc=com
> | objectClass: top
> | objectClass: organizationalRole
> | objectClass: simpleSecurityObject
> | cn: email
> | description: User allowed to update the contacts tree
> | userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
> |
> |
>
>
> --
>
>
> -------------------------------------------------