Hello All,

I am faced with the following problem. I want to create an Admin
entry in the OpenLDAP 2.07 database; that is, this entry should
have all the access. This is the kind of tree:

             /  | 
        Admin  OU
              /  |  \
            BU1 BU2 BU3

Now the access control section is as follows.

access to *
       by dn="cn=Admin,dc=example,dc=com" write

Also, the ldapadd of the Admin entry was done with the help of the
rootdn (the Admin entry's DN is "cn=Admin,dc=example,dc=com").
I must mention that the Admin entry is based on adminObject, which I
added in local.schema as follows:

# this is for admin entry

objectclass ( NAME 'adminObject' SUP top STRUCTURAL
       MUST ( cn $ userPassword )
       MAY  ( sn $ description ) )

But when I try to add entries as follows:

ldapadd -D "cn=Admin,dc=example,dc=com" -f test.ldif

test.ldif contains
description:unit of business

I get the error:
ldap_add: Insufficient access
    additional info: no write access to parent

Also, if I specify -w "password" with ldapadd, then the ldap_bind
gives the Insufficient access error.

This is the exact reproduction of the symptom. Could anyone
point out the mistake?