
Re: OpenLDAP DN's permissions



Ok,

This is really baffling me, but I think I still have some magic tricks up
my sleeve.  I can understand how frustrated you are...I have spent almost
the whole summer getting an openldap db up and running for authentication
purposes at my university, and am having no end of problems!

Here are a few more suggestions:

> [root@wrkst /root]# ldapadd -x -W -D "cn=ldapadm,dc=jdimedia,dc=local" -f
> test.ldif

So...cn=ldapadm...this user is specified as your rootdn also?  Just
clarifying.

> Enter LDAP Password:
> adding new entry "cn=blaat,dc=jdimedia,dc=local"
> ldap_add: Insufficient access
>         additional info: no write access to parent
>
> ldif_record() = 50
>
> ACL's :
>
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by dn="cn=ldapadm,dc=jdimedia,dc=local" write
>         by * none
>
>         access to *
>         by self write
>         by dn="cn=ldapadm,dc=jdimedia,dc=local" write
>         by * read

I'm not sure if this is just a typo, but I think you will want to have the
'access to *' acl not tabbed in like that.  If it isn't a typo, then my
guess is that when parsing the acl's, slapd is skipping over it, and
allowing the default to be write.

You might also try defining this 'access to *' acl before your database
definition to make it a global acl...since it does appear to be a default
access sort of thing.

If this stuff doesn't work, feel free to e-mail me some more error output,
or whatever you might think useful.

Andy
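
Added example, not part of the original message: a small Python lint for the indentation issue discussed above. slapd.conf(5) treats a line that begins with whitespace as a continuation of the previous line, so the script flags any indented `access to` line and reports whether each ACL that starts in column 0 is global or sits inside a database section. The sample config (including its `database`, `suffix` and `rootdn` lines) and the name `audit_acls` are constructed for illustration.

```python
import re

# Constructed sample modelled on the ACLs quoted in the message above;
# the database/suffix/rootdn lines are assumptions, not from the poster's file.
SAMPLE = """\
database ldbm
suffix "dc=jdimedia,dc=local"
rootdn "cn=ldapadm,dc=jdimedia,dc=local"

access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=ldapadm,dc=jdimedia,dc=local" write
        by * none

        access to *
        by self write
        by dn="cn=ldapadm,dc=jdimedia,dc=local" write
        by * read
"""

DIRECTIVE = re.compile(r"^(access\s+to|database)\b", re.IGNORECASE)

def audit_acls(text):
    """Return (acls, warnings) for slapd.conf text.

    acls:     (line_no, scope, directive) for each ACL starting in column 0
    warnings: (line_no, preceding_directive_line) for each indented
              'access to', which slapd reads as a continuation line
    """
    acls, warnings = [], []
    scope, owner = "global", None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # blank lines and comments
        m = DIRECTIVE.match(stripped)
        if raw[0].isspace():              # continuation of an earlier line
            if m and m.group(1).lower() != "database":
                warnings.append((no, owner))
            continue
        owner = no                        # a new directive starts here
        if m and m.group(1).lower() == "database":
            scope = "database at line %d" % no
        elif m:
            acls.append((no, scope, stripped))
    return acls, warnings

if __name__ == "__main__":
    print(audit_acls(SAMPLE))
```
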