I'm trying to make changes to the database as a different user than the
Manager and I am running into problems. I've played with the ACLs a lot
and from what I can tell they are good, but if I change them to just
"access to * by * write" things work as expected. I've been reading tons
of stuff, and must be missing one obvious thing that is assumed or
something. Your help again is appreciated. Here's the issue in detail...
// I'm trying to run this command:
# ldapmodify -W -D "uid=JosiahRitchie,ou=People,dc=cougarnet,dc=bible,dc=edu"
// I enter this change:
dn: cn=Domain Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu
changetype: modify
add: memberUid
memberUid: JasonStroup
// And get this response:
modifying entry "cn=Domain Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu"
ldapmodify: update failed: cn=Domain Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu
ldap_modify: Insufficient access (50)
// I'm using the following ACLs:
access to attr=userPassword
    by dn.base="cn=Manager,dc=cougarnet,dc=bible,dc=edu" write
    by group.exact="cn=Domain Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write
    by self write
    by anonymous auth
    by * none break
access to *
    by dn.base="cn=Manager,dc=cougarnet,dc=bible,dc=edu" write
    by group.exact="cn=Domain Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write
    by self write
    by * read
allow bind_v2
// uid=JosiahRitchie,ou=People,dc=cougarnet,dc=bible,dc=edu is listed as
a memberUid attr in cn=Domain
Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu