[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL query : write by self without passwords ?

With respect to  ACLs, what defines the 'self' category? I was assuming
this was a matching dn, but is there something more subtle involving
authentication of passwords?

I have a simple directory which contains entries corresponding to server

processes. I created a new object type which has a couple of attributes,
but I
didn't associated a password attribute with the class. When a processes
up, I want it to lookup its own entry in the directory, and update
which differ from its current state.

I have a person object for root in the directory, and when I bind as
root I can
do the modify OK, as expected. This proves that the input file is valid
But when I try and bind as one of the entries I get -

 ldapmodify -D "cn=xxxyy,dc=servers" -r -f /tmp/modf
modifying entry cn=xxxyy,dc=servers
ldap_modify: Insufficient access

Does this mean I have to ammend my object definition to have a password
attribute just to jump through an authentication hoop somewhere and
allow the
modify ?

My slapd config for the directory is

database        ldbm
suffix          "dc=servers"
rootdn          "cn=mechanik, dc=servers"
rootpw          secret
#rootpw         {md5}5Gq1w8ohXqgQp6NumIwz3g==
directory       /export/tools/nippn/machines
access to *
        by self write
        by * read

Oh yeah, just pasting this in here made me think of another question.
How do
you change the rootpw once the database is created? I flipped over the
above but that changes nothing. Do I need to do a ldapmodify of rootpw
bound as root ?