[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access to * by * write (stil I can't delete the root dn)

To: jay alvarez <ldapb0y@yahoo.com>
Subject: Re: access to * by * write (stil I can't delete the root dn)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 24 Jun 2005 19:37:16 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20050622082220.32775.qmail@web31506.mail.mud.yahoo.com>
References: <20050622082220.32775.qmail@web31506.mail.mud.yahoo.com>

Try the operation while authenticated as the rootdn.

Kurt

At 01:22 AM 6/22/2005, jay alvarez wrote:
>Hi,
>  Before I only have one problem, that is, no matter
>how I authenticate to openldap e.g; using gssapi or
>just with a -x option, I still cannot delete my root
>dn. It says insufficient privilege. What I wanted to
>do is to change the my root dn name. I would like it
>to be changed from dc=camlann,dc=pregi,dc=net to
>dc=preginet. I can delete all but the root dn. So what
>I did was to just delete the whole openldap-data
>directory and create another one. Now I have two
>problems, slapd won't start. And even if it did, I
>cannot add any ldif entry because of the error object
>not found. Looking at the debug.log, bdb seems to be
>looking for some sort of check point(I can see some
>lines containing the old root
>dn-dc=camlann,dc=pregi,dc=net). Forgive me for asking
>this question here for this might be a bdb question
>and not openldap specific, but it just crossed my mind
>that there might be some bdb library calls being
>created by openldap, and if this is the case, I will
>leave this question to openldap programmers.
>
>I've read some berkeley db and seen some notes like
>this one regarding locking or some sort of log
>checkpoints, but I don't know if it has something to
>do with my problem. 
>Quoting:
>
>"When designing applications that will use the log
>subsystem, it is important to remember that the
>application is responsible for providing any necessary
>structure to the log record. For example, the
>application must understand what part of the log
>record is an operation code, what part identifies the
>file being modified, what part is redo information,
>and what part is undo information.... and many more"
>
>Sorry I cannot give you the debug.log because I have
>emptied it. I have repeated the process but it didn't
>gave me the same log message as before. As I have told
>you before, slapd won't even start giving some useful
>log messages but now I can make it start, only I can't
>do anything when it is started.
>
>I hope you can help me
>Thank you very much.
>
>
>
>
>
>                
>____________________________________________________ 
>Yahoo! Sports 
>Rekindle the Rivalries. Sign up for Fantasy Football 
>http://football.fantasysports.yahoo.com

References:
- access to * by * write (stil I can't delete the root dn)
  - From: jay alvarez <ldapb0y@yahoo.com>

Prev by Date: Re: Clustering / failover
Next by Date: Re: ACLs: Dn.subtree + dnattr
Index(es):
- Chronological
- Thread