[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fw: Access Control in OpenLDAP 2.1.22



Hi,
 
I am trying to configure access control for my openldap.
 
I have the follwing tree
 
c=de
----+ o=dzbw
-----------+ou=Appl
---------------------+ ou=Users
 
The Users are defined under the entity Users, of type person
 
I have defined the follwoing in my slapd.conf
 
#User -Mapping
sasl-regexp
          uid=(.*),cn=.*,cn=auth
         id=$1,ou=Users,ou=Appl,o=dzbw,c=de
 
sasl-regexp
          uid=(.*),cn=.*,cn=.*,cn=auth
          id=$1,ou=Users,ou=Appl,o=dzbw,c=de
 
#No anonym. binding
disallow bind_anon
 
#Allow access only for users
access to dn.subtree="ou=Appl,o=dzbw,c=de"
   by users write
 
But when I try to create a new entity using one user defined under ou=Users, I get the error:
 
[LDAP: error code 50 - Insufficient Access Rights]
 
I  have also tried
 
access to dn.subtree="ou=Appl,o=dzbw,c=de"
   by dn. write
 
But it didn´t help
 
What´s wrong?