[Date Prev][Date Next]
Re: Access directive
Yohann Fourteau wrote:
> Hi !
> I use the debian package (potato) of openldap, before today the access
> directives in my slapd.conf worked properly but now only the
> defaultaccess directive works !
> I try to add a :
> access to * by dn="cn=fourteau,ou=people,dc=webmotion,dc=com" write
> and I get a
> ldap_modify: Insufficient access
> with this binddn ?!?
> I don't understand. I don't know when the problem started.
The ACLs have changed a bit with OpenLDAP 2.0 (and I ran into the very
same problem some time ago). There is a FAQ about this.
Your specific problem ist, that the anonymous user has insufficient
access to authenticate as "cn=fourteau,ou=people,dc=webmotion,dc=com".
You could change your acl to:
access to * by dn=.... write
by anonymous auth
(in fact anonymous needs only auth access to the pseudo-attribute entry
and the attribute userPassword (or whatever is used for authenticaten)
of the athenticating objects).
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607