[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access directive

Yohann Fourteau wrote:
> Hi !
> I use the debian package (potato) of openldap, before today the access
> directives in my slapd.conf worked properly but now only the
> defaultaccess directive works !
> I try to add a :
> access to * by dn="cn=fourteau,ou=people,dc=webmotion,dc=com" write
> and I get a
> ldap_modify: Insufficient access
> with this binddn ?!?
> I don't understand. I don't know when the problem started.

The ACLs have changed a bit with OpenLDAP 2.0 (and I ran into the very
same problem some time ago). There is a FAQ about this.

Your specific problem ist, that the anonymous user has insufficient
access to authenticate as "cn=fourteau,ou=people,dc=webmotion,dc=com".
You could change your acl to:
access to * by dn=.... write
            by anonymous auth
(in fact anonymous needs only auth access to the pseudo-attribute entry
and the attribute userPassword (or whatever is used for authenticaten)
of the athenticating objects).

Stephan Siano

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn