
Re: ldap_add: Insufficient access ldif_record() = 50



Being a newbie doesn't imply that one will get immediate help in doing
things differently from what is recommended in the Quick Start Guide
<http://www.openldap.org/doc/admin23/quickstart.html>.  There are a few
errors in what you're doing, essentially in all points where you depart
from doing as described in that guide.  I strongly recommend you follow
what's illustrated in there step by step and solve the problems in the
order they appear to you.  The fact you get "insufficient access" when you
do not supply a password should tell you where your __latest__ problem is;
the fact you're unable to successfully supply a password should point you
to where your __real__ problem is.  I'd solve this first.  Unfortunately
none of us have hands on your computer, so you'll need to work it out
yourself, and I'm confident the solution is not too far from here
<http://www.openldap.org/doc/admin23/quickstart.html>.

p.

> I am a newbie to not only Linux, but also LDAP. In fact my entire company
> is and we are all learning as we go along. We want to start using LDAP
> and have been trying to work through some LDAP tutorials and we have
> still managed to get stuck. We are just doing some very basic things just
> to get started and to get a feel for using LDAP. Sorry ahead of time for
> the files being so long.
>
> Now for the problem:
>
> When I issue the command:
> *****************
> ldapadd -f fraternity.ldif -xv -D "cn=DeanWormer,o=delta" -h 127.0.0.1
> *****************
> Just a side note: The reason that we are not using rootpw at this time is
> because every time that we try we just get an error that we have invalid
> credentials. So we decided to forget them at this point and just so
> without.
>
>
> I get this output:
> *****************
> ldap_init( 127.0.0.1, 0 )
> add objectClass:
> top
> dcObject
> organization
> add dc:
> delta
> add o:
> delta
> add description:
> The Delta House Fraternity Domain
> adding new entry "o=delta"
> ldap_add: Insufficient access
>
> ldif_record() = 50
> *****************
>
>
>
>
> Here is my slapd.conf file:
> *****************
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 2.8.8.7 2001/09/27 20:00:31 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> #include /etc/openldap/schema/nis.schema
> #include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> #include /etc/openldap/schema/redhat/autofs.schema
> #include /etc/openldap/schema/redhat/kerberosobject.schema
>
> # Define global ACLs to disable default read access.
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> #pidfile //var/run/slapd.pid
> #argsfile //var/run/slapd.args
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> #replogfile /var/lib/ldap/master-slapd.replog
>
> # Load dynamic backend modules:
> # modulepath /usr/sbin/openldap
> # moduleload back_ldap.la
> # moduleload back_ldbm.la
> # moduleload back_passwd.la
> # moduleload back_shell.la
>
> #
> # The next three lines allow use of TLS for connections using a dummy test
> # certificate, but you should generate a proper certificate by changing to
> # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
> # slapd.pem so that the ldap user or group can read it.
> # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database ldbm
> suffix "o=delta"
> # Only one suffix allowed per database
> #suffix "dc=delta,dc=org"
> rootdn "cn=DeanWormer,o=delta"
> #rootpw secret2
> directory /var/lib/ldap/fraternity
> defaultaccess read
> schemacheck on
> lastmod on
> index cn,sn,st eq,pres,sub
> *****************
>
>
>
>
> Here is a shortened version of my fraternity.ldif:
> *****************
> dn: o=delta
> objectClass: top
> objectclass: dcObject
> objectclass: organization
> dc: delta
> o: delta
> description: The Delta House Fraternity Domain
>
> dn: o=delta
> objectClass: top
> objectClass: organization
> o: delta
> description: Delta House
>
> dn: cn=DeanWormer,o=delta
> objectClass: organizationalRole
> cn: DeanWormer
> description: LDAP Directory Administrator
>
> dn: ou=1961,o=delta
> ou: 1961
> objectClass: top
> objectClass: organizationalUnit
> description: Year of Graduation 1961
>
> dn: cn=Bluto Butarsky,ou=1961,o=delta
> cn: Bluto Butarsky
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> mail: BButarsky@isp.com
> givenname: John
> sn: Butarsky
> ou: 1961
> uid: 1961
> employeeType: S
> postalAddress: 14 Cherry St.
> l: Austin
> st: TX
> postalcode: 76888
> telephoneNumber: (800)555-1212
> homePhone: 800-555-1313
> facsimileTelephoneNumber: 800-555-1414
> *****************
>
> Any bit of help would be great. Thanks.
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
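
Added example (not part of the original message and not OpenLDAP code): a Python check for two conditions visible in the quoted material, a `rootdn` whose `rootpw` line is not active and a simple bind (`-x -D`) that supplies no password source. The samples are constructed from the quoted config and command; `VALUE_OPTS` is an assumed subset of `ldapadd` options, and slapd.conf continuation lines are not handled.

```python
import re
import shlex

# Constructed samples: the database section and command quoted in the message.
SAMPLE_CONF = """\
database ldbm
suffix "o=delta"
rootdn "cn=DeanWormer,o=delta"
#rootpw secret2
defaultaccess read
"""
SAMPLE_CMD = 'ldapadd -f fraternity.ldif -xv -D "cn=DeanWormer,o=delta" -h 127.0.0.1'
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)
VALUE_OPTS = set("DwyfhHp")  # assumption: subset of ldapadd options taking a value

def audit_conf(text):
    """Return (suffix, finding) pairs for each 'database' section."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive is inactive
        words = shlex.split(line)
        if words[0].lower() == "database":
            sections.append({})
        elif sections and len(words) > 1:
            sections[-1][words[0].lower()] = words[1]
    findings = []
    for db in sections:
        if "rootdn" in db and "rootpw" not in db:
            findings.append((db.get("suffix"), "rootdn-without-rootpw"))
        elif "rootpw" in db and not HASHED.match(db["rootpw"]):
            findings.append((db.get("suffix"), "cleartext-rootpw"))
    return findings

def binds_without_password(cmd):
    """True if a simple bind names a DN but gives no -w, -W or -y."""
    args, seen, i = shlex.split(cmd)[1:], set(), 0
    while i < len(args):
        arg = args[i]
        i += 1
        if not arg.startswith("-"):
            continue
        for pos, ch in enumerate(arg[1:], start=1):
            seen.add(ch)
            if ch in VALUE_OPTS:
                if pos == len(arg) - 1:
                    i += 1  # value is the next argument: skip it
                break
    return {"x", "D"} <= seen and not seen & {"w", "W", "y"}
```

A `rootdn-without-rootpw` finding means the rootdn can only bind if its entry already carries a password; `cleartext-rootpw` marks a value that `slappasswd` output should replace.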