[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ldapmodify: Insufficient access
Hello.
I'm trying to install OpenLDAP to hold authentication information for my
FTP users. I've got it up and running, and can add and modify data as
Manager. I've also configured the ACL's in slapd as follows:
--------------------------------------------------
access to attr=userPassword
by self write
by anonymous auth
by dn="cn=Manager,dc=liquidev,dc=com" write
by * none
access to *
by self write
by anonymous auth
by * read
--------------------------------------------------
However, when I try to modify the userPassword as a regular user, I get an
Insufficient Access response. The modification data looks like:
--------------------------------------------------
dn: cn=Aaron, dc=liquidev, dc=com
changetype: modify
replace: userPassword
userPassword: {crypt}passwordremoved
--------------------------------------------------
When I turn on aggressive debugging, I see that I'm being authenticated
but I'm not allowed to write:
--------------------------------------------------
=> access_allowed: write access to "cn=Aaron, dc=liquidev,
dc=com" "userPassword" requested
=> acl_get: [1] check attr userPassword
<= acl_get: [1] acl cn=Aaron, dc=liquidev, dc=com attr: userPassword
=> acl_mask: access to entry "cn=Aaron, dc=liquidev, dc=com", attr
"userPassword" requested
=> acl_mask: to value by "CN=AARON,DC=LIQUIDEV,DC=COM", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read (=rscx) (stop)
<= acl_mask: [1] mask: read (=rscx)
=> access_allowed: write access denied by read (=rscx)
--------------------------------------------------
I've searched google for the answer but have come up with nothing. Can
anyone help? Thanks.
-Mark Whittington
Liquid Development
--
[ http://pgpkeys.mit.edu:11371/ - search for markc@liquidev.com ]