
Re: Unable to edit cn=config




How do I bind as the rootdn when I use the command "sudo ldapmodify -Y EXTERNAL -f smbkrb5pwd_load.ldif"?

sudo ldapmodify -D "cn=admin,dc=domain,dc=net" -w secret -f smbkrb5pwd_load.ldif 
modifying entry "cn=module{0},cn=config"
ldap_modify: Insufficient access (50)

I entered slapcat -n0 and found that dn: cn=module{0},cn=config doesn't have an admin in it.

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
structuralObjectClass: olcModuleList
entryUUID: d36d2386-2d84-1031-9046-6d09752e7d3a
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20120508181023Z
entryCSN: 20120508181023.990015Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20120508181023Z

Thanks for the help, I really appreciate it.



On Thu, Jun 27, 2013 at 6:26 AM, Dan White <dwhite@olp.net> wrote:
> On 06/26/13 15:34 -0700, Michael Roth wrote:
>> Hello openldap masters,
>>
>> I have a big issue and I'm praying someone can help me
>>
>> Am I able to change the ACL so I can edit cn=config to load a module in? If
>> so how do I do that?
>
> If you bind as the rootdn, ACL restrictions do not apply. To view your
> existing olcRootDN/olcRootPW configuration, do:
>
> slapcat -n0
>
>> When I load changes into LDAP I'm denied.
>>
>> $ sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f smbkrb5pwd_load.ldif
>>
>> modifying entry "cn=module{0},cn=config"
>>
>> ldap_modify: Insufficient access (50)
>
> --
> Dan White
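
Added example, not part of the original thread: olcRootDN is set per database, so the output of slapcat -n0 can be checked to see which database a bind DN is the rootdn of, and whether the identity used for -Y EXTERNAL over ldapi:/// is named in the {0}config olcAccess with write or manage. The sample LDIF and the helper names are constructed for illustration.

```python
import re

# Constructed sample of `slapcat -n0` output (illustrative values, not from the thread).
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth manage by * break
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}hdb,cn=config
olcDatabase: {1}hdb
olcRootDN: cn=admin,dc=example,dc=net
olcRootPW: {SSHA}constructed-placeholder
"""

# Authorization identity of local root when binding with -Y EXTERNAL over ldapi:///
ROOT_PEERCRED = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"

def parse_ldif(text):
    """Parse LDIF into [{attr_lower: [values]}], unfolding continuation lines."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text).strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def databases(slapcat_n0):
    """Map each olcDatabase name to its rootdn, rootpw presence and ACL lines."""
    return {e["olcdatabase"][0]: {"rootdn": e.get("olcrootdn", [None])[0],
                                  "rootpw_set": "olcrootpw" in e,
                                  "acls": e.get("olcaccess", [])}
            for e in parse_ldif(slapcat_n0) if "olcdatabase" in e}

def rootdn_of(slapcat_n0, bind_dn):
    """Databases whose rootdn is bind_dn (case-insensitive match, no DN normalisation)."""
    return [name for name, db in databases(slapcat_n0).items()
            if (db["rootdn"] or "").lower() == bind_dn.lower()]

def acl_grants_write(slapcat_n0, db_name, who):
    """True if a 'by' clause of db_name's olcAccess names `who` with write or manage."""
    clauses = [c for a in databases(slapcat_n0)[db_name]["acls"]
               for c in re.split(r"\s+by\s+", a)[1:]]
    return any(who.lower() in c.lower() and re.search(r"\b(write|manage)\b", c)
               for c in clauses)
```

On a real server, pass the text captured from slapcat -n0 in place of SAMPLE; a False result from acl_grants_write for {0}config means the EXTERNAL identity is not named there with write or manage.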