What am I doing incorrectly?
I have an OpenLDAP server: version 2.2.29, db version 4.3.29. It is compiled with "--enable-aci=yes". I have a database with some objects:
  dn: dc=MyCompany,dc=de-CH
  dc: MyCompany
  objectClass: top
  objectClass: organization
  objectClass: dcObject
  o:: TXlPcmdhbml6YXRpb24=

  dn: ou=neworganizationalUnit1, dc=MyCompany,dc=de-CH
  ou: neworganizationalUnit1
  description: er ety erty
  objectClass: top
  objectClass: organizationalUnit

  dn: ou=neworganizationalUnit2, dc=MyCompany,dc=de-CH
  ou: neworganizationalUnit2
  description: er etyerty
  objectClass: top
  objectClass: organizationalUnit

  dn: ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH
  ou: neworganizationalUnit3
  objectClass: top
  objectClass: organizationalUnit
  openLDAPaci: 1#entry#grant;r,w,s,c;[all]#access-id#cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH

  dn: cn=newemployee3,ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH
  objectClass: person
  sn: newemployee3
  cn: newemployee3

  dn: cn=newemployee2,ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH
  objectClass: person
  sn: newemployee2
  cn: newemployee2

  dn: cn=newemployee1,ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH
  objectClass: person
  sn: newemployee1
  cn: newemployee1

  dn: cn=roma,ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH
  userPassword:: e1NIQX1wcmJxTWNTYWpwUk8vcDdMd0hLaWFRT2hSaG89
  objectClass: top
  objectClass: person
  sn: roma
  cn: roma
I try to work as user cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH. When I use this ACL in the configuration file:
  access to *
    by self read
    by users read
    by anonymous auth
  access to dn="ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH"
    by dn="cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH" write
    by aci                                          write
    by *                                            none
and try to add a 'description' attribute to the object ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH, I get the error message: '11:58:38 AM: Failed to add 'description' attribute for ldap://localhost:389/ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH Root error: [LDAP: error code 50 - Insufficient Access Rights]'.
When I use this ACL in the configuration file:
  # access to *
  #   by self read
  #   by users read
  #   by anonymous auth
  access to dn="ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH"
    by dn="cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH" write
    by aci                                          write
    by *                                            none
and try to connect to the server (as user cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH), I get the error message: '12:05:45 PM: Failed to connect to ldap://localhost:389 Root error: [LDAP: error code 49 - Invalid Credentials]'
I do not already have a working configuration under Linux, but I do not have experience working under Linux/Unix.
Thanks in advance!
roma_sharabura@mail.ru
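An added example, not part of the original post and not OpenLDAP code: a simplified Python model of how slapd picks an access rule (the first `access to` clause whose target matches is used, then the first matching `by` clause, with an implicit `by * none`), run against the two configurations in the question and a constructed reordered variant. Assumptions: `by aci` is left out, `dn=` is treated as an exact match, and all function and variable names are hypothetical.

```python
# Simplified model of slapd access-rule selection (added example, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def norm(dn):
    """Normalise a DN enough for comparison: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

OU = norm("ou=neworganizationalUnit3, dc=MyCompany,dc=de-CH")
ROMA = norm("cn=roma,ou=neworganizationalUnit3,dc=MyCompany,dc=de-CH")

GENERIC = ("*", [("self", "read"), ("users", "read"), ("anonymous", "auth")])
# Assumption: "by aci" is not modelled and dn= is an exact (base) match.
SPECIFIC = (OU, [(ROMA, "write"), ("*", "none")])

FIRST = [GENERIC, SPECIFIC]      # first configuration in the question
SECOND = [SPECIFIC]              # second one: generic rule commented out
REORDERED = [SPECIFIC, GENERIC]  # constructed variant: specific rule first

def who_matches(who, requester, target):
    """requester is None for an anonymous connection (e.g. during bind)."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester == target
    return requester == who      # by dn="..."

def granted(acl, requester, target):
    """Level from the first matching <what>, then the first matching <who>."""
    for what, by_clauses in acl:
        if what == "*" or what == target:
            for who, level in by_clauses:
                if who_matches(who, requester, target):
                    return level
            return "none"        # implicit "by * none" closes every clause
    return "none"                # no clause matched the target: denied

def allowed(acl, requester, target, needed):
    return LEVELS.index(granted(acl, requester, target)) >= LEVELS.index(needed)
```

In this model the first configuration stops at `access to *` and gives cn=roma only read on the ou entry, which corresponds to error 50 on the write, while the second leaves the anonymous connection without auth access to cn=roma's entry, which corresponds to error 49 on the bind.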
This document is: http://www.openldap.org/faq/index.cgi?file=1274
© Copyright 2005, OpenLDAP Foundation, info@OpenLDAP.org