[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldapaci

To: openldap-software@OpenLDAP.org
Subject: Re: openldapaci
From: Adam Tauno Williams <adam@morrison-ind.com>
Date: Mon, 03 Dec 2001 08:42:26 -0500 (EST)
In-reply-to: <01120317124103.09918@rmovva.waterfordindia.org>
References: <01120317124103.09918@rmovva.waterfordindia.org>
User-agent: IMP/PHP IMAP webmail program 2.2.1

>I have tried this approach.  But it doesn't work.  Is there any
>workaround.  hall i have to put something in access.conf.  Because, when i
>tried to update any attribute(self) it gives an error "Insufficient access
>rights". Currently my slapd.conf dont have anything related with the acl's.
>My Slapd.conf and access.conf are give below.

I'd think you need to add the initial ACI information while bound as the DSA
administrator.

Change your ACL to

access to * 
  by dn="cn=Manager,dc=..." write
  by aci write 

so you have a user who can add the ACI information prior to the ACI information
you need to write to the object existing.  Catch-22.

Did you add "objectclass: OpenLDAPacl" to the objects?

Did you change OpenLDAPaciMatch to caseIgnoreIA5Match in core.schema?

------------------------------------------------------------------------
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

References:
- openldapaci
  - From: "M.Raghu Babu" <rmovva@waterford.org>

Prev by Date: newbie Query
Next by Date: Openldap with MySQL: ODBC.INI not found !?
Index(es):
- Chronological
- Thread