unknown LDAP result code (-30990): using groups to manage ACL's



Hello OpenLDAP users,

I'm trying to follow the instructions from the Faq-o-Matic ("How do I
use groups as manage access controls?").

This is OpenLDAP 2.1.25 with BDB 4.2.52 (RedHat 9). It is a fresh
database. I just imported all the records. I created a "groupofNames"
object:

dn: cn=Adminstrators,dc=company,dc=com
cn: Adminstrators
objectClass: groupOfNames
objectClass: top
member: uid=chris,ou=people,ou=corporate,dc=company,dc=com

I try the following command:

ldapmodify -v -ZZ -x -w password -D \
uid=chris,ou=people,ou=corporate,dc=company,dc=com -f entry

I get this result:

ldap_initialize( <DEFAULT> )
replace userPassword:
        changeme
modifying entry "uid=test,ou=People,ou=Corporate,dc=company,dc=com"
ldapmodify: update failed:
uid=test,ou=People,ou=Corporate,dc=company,dc=com
ldap_modify: unknown LDAP result code (-30990)

Contents of "entry":

dn: uid=test,ou=People,ou=Corporate,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: changeme


access to attr=shadowLastChange
    by dn.base="cn=Manager,dc=company,dc=com" write
    by group.exact="cn=Administrators,dc=company,dc=com" write
    by self write
    by * compare

access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=company,dc=com" write
    by group="cn=Administrators,dc=company,dc=com" write
    by * compare

access to dn.children="ou=Customers,dc=company,dc=com"
    by self write
    by group="cn=Administrators,dc=company,dc=com" write
    by users read
    by * read

access to *
    by self write
    by dn.base="cn=Manager,dc=company,dc=com" write
    by users read
    by * read

thanks,

CP
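
A consistency check for the group-based ACLs quoted in the post, as an added example that is not part of the original message: it confirms that every DN named in a `by group` clause exists as an entry and lists the bind DN as a `member`. The sample input is constructed from the post's entry and ACLs (abridged); the function names are hypothetical, and DN normalisation is simplified (no LDIF line folding, base64 values or escaped characters).

```python
import re

# Constructed sample input, abridged from the group entry and ACLs in the post.
GROUP_LDIF = """\
dn: cn=Adminstrators,dc=company,dc=com
cn: Adminstrators
objectClass: groupOfNames
member: uid=chris,ou=people,ou=corporate,dc=company,dc=com
"""
ACL_TEXT = """\
access to attr=shadowLastChange
    by group.exact="cn=Administrators,dc=company,dc=com" write
access to attr=userPassword
    by self write
    by group="cn=Administrators,dc=company,dc=com" write
"""

def norm_dn(dn):
    """Simplified DN normalisation: case-fold, drop spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_groups(ldif):
    """Map each entry's normalised DN to its set of normalised member DNs."""
    groups = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = [line.split(":", 1) for line in record.splitlines() if ":" in line]
        dn = next((v for k, v in attrs if k.strip().lower() == "dn"), None)
        if dn is not None:
            groups[norm_dn(dn)] = {norm_dn(v) for k, v in attrs
                                   if k.strip().lower() == "member"}
    return groups

def acl_group_dns(acl):
    """Group DNs named in 'by group[.style]="..."' clauses."""
    return {norm_dn(m) for m in re.findall(r'\bby\s+group[^=\s]*="([^"]+)"', acl)}

def check(ldif, acl, bind_dn):
    """Return {group DN referenced by an ACL: status} for the given bind DN."""
    groups = parse_groups(ldif)
    result = {}
    for g in sorted(acl_group_dns(acl)):
        members = groups.get(g)
        if members is None:
            result[g] = "no such group entry"
        else:
            result[g] = "ok" if norm_dn(bind_dn) in members else "bind DN is not a member"
    return result

if __name__ == "__main__":
    print(check(GROUP_LDIF, ACL_TEXT, "uid=chris,ou=people,ou=corporate,dc=company,dc=com"))
```

The check only compares names between the two inputs; it says nothing about the `-30990` result code itself.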