[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL for adding subtree

At 02:50 PM 8/6/99 -0500, ramana.ramachandran@wcom.com wrote:
>After many tries, I am still unable to add entries beneath the bind
>entry. Here is the acl and the ldif. While I understand the ACL stuff,
>implementing an access scheme has been a hair tearing experience.
>I am able to bind to  "uid=ramana,ou=CS,o=IISc,c=IN" but when I try to
>add an address object underneath it I get
>$ ldapadd -W -D"uid=ramana, ou=CS, o=IISc, c=IN" -f address.ldif
>Enter LDAP Password: 
>adding new entry cn=Address, uid=ramana, ou=CS, o=IISc, c=IN
>ldap_add: Insufficient access

Did you grant "uid=ramana, ou=CS, o=IISc, c=IN" write permission
to "uid=ramana, ou=CS, o=IISc, c=IN" entry's "children" ?

># subtree write (if DN fits within naming)
># other dn's, read
># default none
>access to
>    by dn="$1" write
>    by dn=".*,o=IISc,c=IN" read
>    by * none

This doesn't grant the require permission.

>=> access_allowed: exit (uid=ramana, ou=CS, o=IISc, c=IN) attr
>no access to parent

Apparently none of your ACLs do.