
access control



I have LDAP up and running and thought I understood how it was all working, but access control has me stumped. All I want to do is lock down the information so that users can only edit their own records. Later it would be handy to have different people being able to see different aspects, i.e. outside Cranfield would only get name and e-mail. However, I can't seem to make it work.
 
If I try to modify my record (LDIF file)
 
dn: cn=paul d , o=cranfield, c=uk
cn: paul d
sn: burnet
objectclass: person
givenname: jase
userPassword: data
to change the givenname, using
 
ldapmodify -b -r -D "cn=paul, o=cranfield, c=uk" -w password -f /usr/local/myldif
 
I get insufficient access problems.
 
Where am I going wrong? There just seems to be no information out there on access control.
 
My slapd.conf is below.
 
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.oc.conf
schemacheck     off
#referral       ldap://root.openldap.org/
 
pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args
 
 
#######################################################################
# ldbm database definitions
#######################################################################
 
database        ldbm
suffix          "o=cranfield,c=uk"
rootdn          "cn=Manager,o=cranfield,c=uk"
rootpw          password
#ro
# cleartext passwords, especially for the rootdn, should
# be avoided.  See slapd.conf(5) for details.
directory       /usr/tmp
 
defaultaccess read
 
access to *
by self write
 
 
 
thanks for any help
 
paul
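As an added example (not from the post above), here is how the two goals in the question, self-only edits and name plus e-mail visible to outsiders, can be expressed as OpenLDAP access directives. It assumes OpenLDAP 2.x slapd.conf syntax (the post's config uses 1.x-style includes) and treats "outside Cranfield" as anonymous, unauthenticated clients.

```conf
# Added example, assuming OpenLDAP 2.x slapd.conf syntax; not taken from the post.
#
# Evaluation is top down: the first "access to" clause whose target matches the
# entry/attribute is used, and within it the first "by" clause that matches the
# requester decides. Every clause ends with an implicit "by * none", so anything
# not granted is denied; "defaultaccess" is not needed with a final "access to *".
# Continuation lines of a directive must start with whitespace.
#
# "self" matches only when the bind DN is exactly the DN of the entry being
# modified. A bind as cn=paul,o=cranfield,c=uk is not "self" for the entry
# cn=paul d,o=cranfield,c=uk, so the -D value must match the record's dn: line.

# Passwords: the owner may change it, anonymous clients may only use it to bind,
# nobody (not even the owner) can read it back.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# The "entry" pseudo-attribute must be readable before any attribute of an
# entry can be returned; read access also implies search access.
access to attrs=entry
        by * read

# Name and e-mail are visible to everybody, including anonymous clients
# (the "outside" case), and editable only by the entry's owner.
access to attrs=cn,sn,givenName,mail
        by self write
        by * read

# Everything else: the owner edits the rest of their own entry, authenticated
# users can read it, anonymous clients get nothing.
access to *
        by self write
        by users read
        by anonymous none
```

After editing, check the result with ldapsearch bound as a normal user and again with no bind, and confirm that userPassword is absent from both responses.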