(ITS#8519) Mahesh

Full_Name: Maheshwar Reddy
Version: 2.4.4
OS: CentOS 6.5
URL: ftp://ftp.openldap.org/incoming/Mahesh
Submission from: (NULL) (

Dear Openldap Support,

First of all, thanks for the open community. We have been using OpenLDAP for
the last 5 years.

Right now we are trying to decommission the older version of OpenLDAP and trying
to build a new version. Prior to that we are testing the OpenLDAP functionality
and we observed an issue while configuring.

We have a Linux team, and they all need LDAP write access. I've created a
group and provided LDAP write access to that group. But the people who belong
to that group are unable to write the LDIF files.

Attached information, kindly take a look into it.

Your help would be highly appreciated.

# ldap_writers, access_control, redhot, redhot.com
dn: cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com
cn: ldap_writers
objectClass: organizationalRole
description: Grants full LDAP write access
roleOccupant: uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com

[root@sal-lnx01 ~]# cat grantaccess.ldif
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by group/organizationalRole/roleOccupant="cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com" write

[root@sal-lnx01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f grantaccess.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "olcDatabase={2}bdb,cn=config"

[root@sal-lnx01 ~]# slapcat -n0 | tail -n10
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=redhot,dc=com" write by * read
olcAccess: {3}to * by group/organizationalRole/roleOccupant="cn=ldap_writers
 ,ou=access_control,o=redhot,dc=redhot,dc=com" write
olcSuffix: dc=redhot,dc=com
olcRootDN: cn=Manager,dc=redhot,dc=com
entryCSN: 20161017124350.966527Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20161017124350Z

[root@sal-lnx01 ~]# ldapadd -x -W -D uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com -f test.ldif
Enter LDAP Password:
adding new entry "uid=srikanth.reddy,ou=users,o=redhot,dc=redhot,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent

[root@sal-lnx01 ~]# cat test.ldif
# srikanth.reddy, users, redhot.com
dn: uid=srikanth.reddy,ou=users,o=redhot,dc=redhot,dc=com
cn: Maheshwar
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: Maheshwar Reddy
loginShell: /bin/bash
mail: srikanth.reddy@redhot.com
sn: Reddy
uid: srikanth.reddy
uidNumber: 10001
gidNumber: 1000
userPassword: {SSHA}UQU2j5vBuGqjfTE3x+UlA2Ez1ENHAZ/Q
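A reader of the slapcat output above will want to see why the {3} rule never applies: slapd stops at the first "to" clause that matches the entry, and "{2}to *" matches every entry, so only the Manager gets write and everyone else gets read. The Python below is an added example, not part of this report or of OpenLDAP, that models that rule walk over the report's own three olcAccess rules; the roleOccupant table and the REORDERED variant are assumptions for illustration.

```python
# Added example (not part of the ITS report): a minimal model of how slapd
# walks olcAccess rules. The first "to" clause matching the target entry
# ends the search; within it the first matching "by" clause decides, and
# if no "by" clause matches the result is no access. Rules are the ones
# from the report; the roleOccupant table is constructed from the
# ldap_writers entry shown above.
MANAGER = "cn=Manager,dc=redhot,dc=com"
WRITERS = "cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com"
MAHESH = "uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com"

# Constructed membership table standing in for a roleOccupant lookup.
ROLE_OCCUPANTS = {WRITERS: {MAHESH}}

# Each rule: (target, [(by_clause, level), ...]); target is "*" or ("base", dn).
AS_CONFIGURED = [
    (("base", ""), [(("*", None), "read")]),                     # {1}
    ("*", [(("dn", MANAGER), "write"), (("*", None), "read")]),  # {2}
    ("*", [(("group", WRITERS), "write")]),                      # {3}, unreachable
]
# Assumed alternative: the group grant placed inside the first "to *" rule.
REORDERED = [
    (("base", ""), [(("*", None), "read")]),
    ("*", [(("dn", MANAGER), "write"), (("group", WRITERS), "write"),
           (("*", None), "read")]),
]

def by_matches(clause, binder_dn):
    kind, arg = clause
    if kind == "*":
        return True
    if kind == "dn":
        return binder_dn == arg
    if kind == "group":
        return binder_dn in ROLE_OCCUPANTS.get(arg, set())
    return False

def target_matches(target, entry_dn):
    return target == "*" or (target[0] == "base" and target[1] == entry_dn)

def effective_access(rules, entry_dn, binder_dn):
    """Access level binder_dn gets on entry_dn under the given rule order."""
    for target, by_clauses in rules:
        if target_matches(target, entry_dn):
            for clause, level in by_clauses:
                if by_matches(clause, binder_dn):
                    return level
            return "none"  # target matched but no by clause did
    return "none"

def can_add_entry(rules, new_dn, binder_dn):
    """ldapadd needs write on the parent, hence "no write access to parent"."""
    parent_dn = new_dn.split(",", 1)[1]
    return effective_access(rules, parent_dn, binder_dn) == "write"
```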