
Re: Access directive



Yohann Fourteau wrote:
> 
> Hi !
> 
> I use the Debian package (potato) of OpenLDAP, before today the access
> directives in my slapd.conf worked properly but now only the
> defaultaccess directive works !
> I try to add a :
> access to * by dn="cn=fourteau,ou=people,dc=webmotion,dc=com" write
> 
> and I get a
> ldap_modify: Insufficient access
> with this binddn ?!?
> 
> I don't understand. I don't know when the problem started.

The ACLs have changed a bit with OpenLDAP 2.0 (and I ran into the very
same problem some time ago). There is a FAQ about this.

Your specific problem is that the anonymous user has insufficient
access to authenticate as "cn=fourteau,ou=people,dc=webmotion,dc=com".
You could change your ACL to:
access to * by dn=.... write
            by anonymous auth
(in fact anonymous needs only auth access to the pseudo-attribute entry
and the attribute userPassword (or whatever is used for authentication)
of the authenticating objects).

Yours
Stephan Siano

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn
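
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of the ACL evaluation discussed in this thread, using the first matching "access to" clause, the first matching "by", and the implicit trailing "by * none". The function names, the attribute "mail", and the NARROW list are assumptions made for the illustration; dn= regex matching is not modelled.

```python
# Added illustration: simplified model of slapd ACL evaluation, not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=fourteau,ou=people,dc=webmotion,dc=com"   # DN from the thread

def who_matches(who, requester, target_dn):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == target_dn
    return requester == who   # literal DN compare; dn= regex matching not modelled

def granted(acl, requester, target_dn, attr):
    """First 'access to' clause covering attr, then first matching 'by'."""
    for attrs, by_clauses in acl:
        if attrs != "*" and attr not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, target_dn):
                return level
        return "none"          # implicit trailing "by * none"
    return "none"              # no clause covers attr (model denies; not reached below)

def allowed(acl, requester, target_dn, attr, needed):
    have = granted(acl, requester, target_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(needed)

def can_simple_bind(acl, dn):
    """Per the reply: the anonymous session needs auth on entry and userPassword."""
    return all(allowed(acl, None, dn, a, "auth") for a in ("entry", "userPassword"))

# access to * by dn=ADMIN write
ORIGINAL = [("*", [(ADMIN, "write")])]
# access to * by dn=ADMIN write by anonymous auth
SUGGESTED = [("*", [(ADMIN, "write"), ("anonymous", "auth")])]
# Constructed narrower variant: anonymous gets auth only on entry and userPassword
NARROW = [
    (("entry", "userPassword"),
     [(ADMIN, "write"), ("self", "write"), ("anonymous", "auth")]),
    ("*", [(ADMIN, "write")]),
]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED), ("narrow", NARROW)):
        print(name, "bind:", can_simple_bind(acl, ADMIN),
              "anonymous auth on mail:", allowed(acl, None, ADMIN, "mail", "auth"))
```

In this model both corrected lists let the bind proceed, but only the narrower one keeps anonymous at "none" for every other attribute.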