[Date Prev][Date Next]
Re: ACL for adding subtree
At 02:50 PM 8/6/99 -0500, firstname.lastname@example.org wrote:
>After many tries, I am still unable to add entries beneath the bind
>entry. Here is the acl and the ldif. While I understand the ACL stuff,
>implementing an access scheme has been a hair tearing experience.
>I am able to bind to "uid=ramana,ou=CS,o=IISc,c=IN" but when I try to
>add an address object underneath it I get
>$ ldapadd -W -D"uid=ramana, ou=CS, o=IISc, c=IN" -f address.ldif
>Enter LDAP Password:
>adding new entry cn=Address, uid=ramana, ou=CS, o=IISc, c=IN
>ldap_add: Insufficient access
Did you grant "uid=ramana, ou=CS, o=IISc, c=IN" write permission
to "uid=ramana, ou=CS, o=IISc, c=IN" entry's "children" ?
># subtree write (if DN fits within naming)
># other dn's, read
># default none
> by dn="$1" write
> by dn=".*,o=IISc,c=IN" read
> by * none
This doesn't grant the require permission.
>=> access_allowed: exit (uid=ramana, ou=CS, o=IISc, c=IN) attr
>no access to parent
Apparently none of your ACLs do.