
Re: trouble with access control



At 08:39 13/04/06 +0200, Dr. Harry Knitter wrote:
Hello,

I am new with Openldap and with this list, too.

My problem is as follows:

I have set up an openldap server with simple bind.

Everything works fine when using rootdn to access my data.
There are several addressbooks in different dns.

My access controls are:
access to *
        by * read

access to dn.subtree="dc=mydoamin,dc=tld"
        by dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" write
        by * none

Write instead:

access to dn.subtree="dc=mydoamin,dc=tld"
        by dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" write
        by * none

access to *
        by * read

because slapd uses the first rule that matches the entry and stops there.

When trying to change or add a record to whatever dn I get an error that there
is no write access to this record.


Here are the syslog entries:

Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 fd=8 ACCEPT from IP=10.255.80.1:16101 (IP=0.0.0.0:389)
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=0 BIND dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" method=128
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=0 BIND dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" mech=SIMPLE ssf=0
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=0 RESULT tag=97 err=0 text=
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=1 SRCH base="ou=Kunden,ou=Dr. Harry Knitter EDV-Beratung,dc=mydomain,dc=tld" scope=1 deref=0 filter="(objectClass=*)"
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=1 SRCH attr=l cn description facsimileTelephoneNumber sn displayName givenName jpegPhoto mail mobile o pager homePhone postalCode st street telephoneNumber title uid
Apr 13 08:33:38 blechtrottel slapd[7163]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=22 text=
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 fd=14 ACCEPT from IP=10.255.80.1:16102 (IP=0.0.0.0:389)
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=0 BIND dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" method=128
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=0 BIND dn="uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld" mech=SIMPLE ssf=0
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=0 RESULT tag=97 err=0 text=
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=1 SRCH base="ou=Kunden,ou=Dr. Harry Knitter EDV-Beratung,dc=mydomain,dc=tld" scope=1 deref=0 filter="(uid=kaiphw92rb)"
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=1 SRCH attr=dn
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=4 op=2 ADD dn="cn=test test,ou=Kunden,ou=Dr. Harry Knitter EDV-Beratung,dc=mydomain,dc=tld"
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=4 op=2 RESULT tag=105 err=50 text=no write access to entry
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=4 op=3 UNBIND
Apr 13 08:34:00 blechtrottel slapd[7163]: conn=4 fd=8 closed

What's wrong?

Thanks for help.

Regards

Harry
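Added example (not code from the mail or from OpenLDAP): a small Python model of slapd's first-match ACL evaluation, run over the DNs from the posted config and logs. It assumes default slapd behaviour, namely that the first `access to` clause whose target matches the entry is the only one consulted, that within it the first matching `by` clause decides, and that an entry matched by no `by` clause is denied; the `children` check on the parent entry that an ADD also needs is left out. The subtree suffix is kept as posted, dc=mydoamin, while the bind DN and the log lines use dc=mydomain; if that spelling is really in slapd.conf and not just in the mail, the subtree rule never matches and the catch-all decides even after reordering, which the second ACL below shows.

```python
"""Toy model of slapd's first-match ACL evaluation (added example, not OpenLDAP code).

Only the forms used in the thread are modelled: target "*" or dn.subtree="...",
subject "*" or dn="...", and the privilege levels none < read < write (a subset
of slapd's ladder). The DNs are the ones from the posted config and logs.
"""
from dataclasses import dataclass

LEVEL = {"none": 0, "read": 1, "write": 2}


def norm(dn: str) -> str:
    """Case-fold and strip spaces around RDN separators (enough for this demo)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn: str, base: str) -> bool:
    """True if dn is base itself or lies below it (dn.subtree semantics)."""
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)


@dataclass
class Rule:
    target: str  # "*" or 'dn.subtree="<base>"'
    by: list     # [(subject, level)] with subject "*" or 'dn="<dn>"', in file order

    def matches_entry(self, entry_dn: str) -> bool:
        if self.target == "*":
            return True
        kind, _, base = self.target.partition("=")
        assert kind == "dn.subtree", "only dn.subtree targets are modelled"
        return in_subtree(entry_dn, base.strip('"'))

    def level_for(self, bind_dn: str) -> str:
        for subject, level in self.by:
            if subject == "*" or norm(subject[len("dn="):].strip('"')) == norm(bind_dn):
                return level  # first matching "by" clause decides
        return "none"         # no "by" clause matched: implicit "by * none"


def check(acl, entry_dn: str, bind_dn: str, needed: str):
    """Return (index of the clause that decided, level granted, allowed?)."""
    for i, rule in enumerate(acl):
        if rule.matches_entry(entry_dn):  # first matching target ends the search
            granted = rule.level_for(bind_dn)
            return i, granted, LEVEL[granted] >= LEVEL[needed]
    return None, "none", False


# DNs taken from the posted config and the syslog lines.
HARRY = "uid=harry,cn=users,ou=ldapconfig,dc=mydomain,dc=tld"
ENTRY = "cn=test test,ou=Kunden,ou=Dr. Harry Knitter EDV-Beratung,dc=mydomain,dc=tld"

READ_ALL = Rule("*", [("*", "read")])
SUBTREE_AS_POSTED = Rule('dn.subtree="dc=mydoamin,dc=tld"',   # suffix as typed in the mail
                         [(f'dn="{HARRY}"', "write"), ("*", "none")])
SUBTREE_FIXED = Rule('dn.subtree="dc=mydomain,dc=tld"',       # suffix matching the logs
                     [(f'dn="{HARRY}"', "write"), ("*", "none")])

AS_POSTED = [READ_ALL, SUBTREE_AS_POSTED]  # Harry's order: catch-all first
REORDERED = [SUBTREE_AS_POSTED, READ_ALL]  # the reply's order, suffix still misspelt
FIXED = [SUBTREE_FIXED, READ_ALL]          # reordered and suffix corrected

if __name__ == "__main__":
    for name, acl in [("as posted", AS_POSTED), ("reordered", REORDERED), ("fixed", FIXED)]:
        print(f"{name:>10}: ADD by harry -> clause/level/allowed = {check(acl, ENTRY, HARRY, 'write')}")
    print(f"     fixed: read by other DN -> {check(FIXED, ENTRY, 'cn=someone,dc=mydomain,dc=tld', 'read')}")
```

Run as a script it prints which clause decided for each ordering: as posted, clause 0 (`access to *`) grants read and the ADD fails exactly as in the log; reordered but with the misspelt suffix, the subtree clause never matches and the catch-all still decides; only the reordered rule with the suffix that matches the logs grants write. The last line shows a side effect of the reordered config worth knowing about: the trailing `by * none` means anyone other than uid=harry, anonymous binds included, can no longer read the address books at all; add a `by * read` (or `by users read`) under the subtree rule if that is not intended.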