ACL query : write by self without passwords ?
With respect to ACLs, what defines the 'self' category? I was assuming
this was a matching dn, but is there something more subtle involving
authentication of passwords?
I have a simple directory which contains entries corresponding to server
processes. I created a new object type which has a couple of attributes,
didn't associate a password attribute with the class. When a processes
up, I want it to look up its own entry in the directory, and update
which differ from its current state.
I have a person object for root in the directory, and when I bind as
root I can
do the modify OK, as expected. This proves that the input file is valid
But when I try and bind as one of the entries I get -
ldapmodify -D "cn=xxxyy,dc=servers" -r -f /tmp/modf
modifying entry cn=xxxyy,dc=servers
ldap_modify: Insufficient access
Does this mean I have to amend my object definition to have a password
attribute just to jump through an authentication hoop somewhere and
My slapd config for the directory is
rootdn "cn=mechanik, dc=servers"
access to *
by self write
by * read
Oh yeah, just pasting this in here made me think of another question.
you change the rootpw once the database is created? I flipped over the
above but that changes nothing. Do I need to do a ldapmodify of rootpw
bound as root?
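
Added example, not part of the original post and not slapd's own code: a simplified Python model of how the posted rule set treats a session depending on whether the bind was verified with a password. It assumes that a bind with a DN but no password leaves the session anonymous, so "self" cannot match. The attribute name "status", the password value and the second rule set are constructed for illustration.

```python
# Simplified model of slapd access evaluation (an assumption, not slapd's code):
# the first "access to" clause covering the attribute is used, and inside it
# the first matching "by" clause decides the level.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ENTRY = "cn=xxxyy,dc=servers"                  # DN from the post
PASSWORDS = {ENTRY: "constructed-secret"}      # constructed; real servers store hashes

# The rule set from the post: access to * by self write by * read
POSTED_ACL = [("*", [("self", "write"), ("*", "read")])]

# Constructed variant that protects the password attribute first.
HARDENED_ACL = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("*", "read")]),
]

def bind(dn, password, stored=PASSWORDS):
    """Return the session identity: the DN only if a password verifies, else None."""
    if password and stored.get(dn) == password:
        return dn
    return None                                # no or wrong password: anonymous

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":                          # needs an authenticated identity
        # Lower-casing stands in for real DN normalization.
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    return False

def granted(acl, bound_dn, entry_dn, attr):
    for what, by_clauses in acl:
        if what == "*" or attr.lower() in what:
            for who, level in by_clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"                      # clause matched, nobody listed
    return "none"

def allowed(acl, bound_dn, entry_dn, attr, wanted):
    return LEVELS.index(granted(acl, bound_dn, entry_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for pw in ("", "constructed-secret"):
        ident = bind(ENTRY, pw)
        print(repr(pw), "->", granted(POSTED_ACL, ident, ENTRY, "status"))
```

In this model the posted rule set also lets any session read a password attribute once one is added, which is why the constructed variant places a rule for it ahead of the catch-all.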