[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4552) Cannot add a dc=net with a rootdn equivalent account
Full_Name: Ashish Gawarikar
Version: 2.3.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (63.211.143.38)
This seems to be a regression from openldap 2.1.x which was the last one I
used.
Here is the part of slapd.conf:
----
access to *
by group/smiAdminGroupOfNames="cn=Directory Site Administrators,ou=SMI
Administrators,dc=admin,dc=local" write stop
by * break
#rootdn "cn=Manager"
#rootpw whatever
suffix ""
----
I generally keep the rootdn/rootpw commented. And use the member of the group
Site Administrators to add a new account. A new domain "x.com" can be added if
the dc=com entry pre-exists. If dc=com does not pre-exist I cannot add the x.com
domain using the member of the group Site Administrators.
Here is what I get:
# /usr/local/openldap/bin/ldapadd -Z -H ldap://:389/ -x -c -D
uid=admin,ou=sysAccounts,dc=admin,dc=local -w dmin < /justnet
adding new entry "dc=net"
ldap_add: No such object (32)
dn: dc=net
objectClass: top
objectClass: domain
dc: net
This used to work with openldap 2.0.x and 2.1.x
So I need to add the tld using rootdn/rootpw else I am never able to add any
tlds using the equivalent account. I have disabled the rootdn/rootpw access for
security purposes.