
Re: How to confirm --enable-local



> On Wed, 2004-03-24 at 14:51, Dieter Kluenter wrote:
>> My problem was, that only root could write to the socket ldapi,
>> changing to mode 777 did it for me.
>> I know that phpldapadmin-0.92 + is able to connect via ldapi socket.
>>
>
> Thanks, but I saw that mentioned before, maybe it was you, and tried it
> to no avail. Like I posted after this message you responded to, I get
> responses when trying ldapsearch -H
> 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/'. This means it is working on
> the local Unix domain socket, correct?

Yes

>
> Also, I have the statement in my slapd.conf to allow write over the
> socket, but this is what I get:
>
> esmtp# ldapadd -f test.ldif -H
> 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/'
> adding new entry "ou=Test,dc=webtent,dc=net"
> ldapadd: update failed: ou=Test,dc=webtent,dc=net
> ldap_add: Strong(er) authentication required (8)
>         additional info: modifications require authentication

Write permissions on the socket are required to USE it (even just for
reading!); write permissions on the directory have nothing to do with
socket permissions.

>
> I trimmed down my slapd.conf file with only this access statement:
>
> access to *
>         by sockurl="^ldapi:///$" write

If you're using 2.2, the default access is exact, so you should rather use

access to *
        by sockurl="ldapi:///" write

or, to be precise

access to *
        by sockurl.exact="ldapi:///" write

if you're using -h ldapi:/// for the server and -H ldapi:/// for the
client; otherwise, if you want to give write access whatever the path of
the socket is, use

access to *
        by sockurl.regex="^ldapi://.*$" write

or add the exact path you want to allow write access from.

p.



-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
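
Added example (not part of the original message, and not OpenLDAP code): a small Python model of the sockurl matching described in the reply, showing why the anchored pattern no longer matches once the style defaults to exact, and why an exact "ldapi:///" rule does not cover a listener started with a full socket path. It assumes the listener URL is the string passed to slapd -h; the function and variable names are illustrative.

```python
import re

# Simplified model (not slapd's code) of a "by sockurl[.<style>]=<pattern>"
# clause tested against the listener URL a connection arrived on.
# Assumption: the listener URL is the string given to slapd -h. Case handling
# is not modelled, and Python's re stands in for slapd's regex engine.
CLAUSE = re.compile(r'sockurl(?:\.(exact|regex))?="([^"]*)"')


def sockurl_matches(clause, listener_url, default_style="exact"):
    """Return True if the clause would select a connection on listener_url."""
    m = CLAUSE.fullmatch(clause)
    if m is None:
        raise ValueError("unsupported clause: %r" % clause)
    style = m.group(1) or default_style
    pattern = m.group(2)
    if style == "exact":
        # Literal comparison: "^" and "$" are ordinary characters here.
        return listener_url == pattern
    return re.search(pattern, listener_url) is not None


# Constructed inputs: the short listener form and the full-path form
# that appear in the thread, and the four clauses discussed in it.
LISTENERS = ["ldapi:///", "ldapi://%2fvar%2frun%2fopenldap%2fldapi/"]
CLAUSES = [
    'sockurl="^ldapi:///$"',
    'sockurl="ldapi:///"',
    'sockurl.exact="ldapi:///"',
    'sockurl.regex="^ldapi://.*$"',
]


def match_table(default_style="exact"):
    """Return {(clause, listener_url): bool} for every combination."""
    return {(c, u): sockurl_matches(c, u, default_style)
            for c in CLAUSES for u in LISTENERS}


if __name__ == "__main__":
    for (clause, url), hit in match_table().items():
        print("%-30s %-44s %s" % (clause, url, "match" if hit else "no match"))
```

The regex form matches every ldapi listener, so under that rule write access is bounded only by who can open the socket file.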