[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: group access "write" in OpenLDAP 2.1.4

To: Tony Earnshaw <tonni@billy.demon.nl>, OpenLDAP-Software <openldap-software@OpenLDAP.org>
Subject: Re: group access "write" in OpenLDAP 2.1.4
From: Michiko Nagara <chigu@fjh.fujitsu.com>
Date: Fri, 13 Sep 2002 21:55:09 +0900
In-reply-to: <1031912647.1886.101.camel@billy.demon.nl>
References: <20020913171850.E062.CHIGU@fjh.fujitsu.com> <1031912647.1886.101.camel@billy.demon.nl>

On 13 Sep 2002 12:24:55 +0200
Tony Earnshaw <tonni@billy.demon.nl> wrote:

Hello, Tony!

> > And now, I have created a new record for michiko nagara.
> > cn=michiko nagara,dc=example,dc=com

She is not a member of  the group "administrators.example.com".

> > I tried to modify dn "cn=fred blogs,dc=example,dc=com",
> > I got a error mesage:
> > ldap_modify: Insufficient access (50)
> 
> Try adding 'by dn="cn=michiko nagara,dc=example,dc=com" write' to that
> ACL and try modifying as user michiko nagara. Then you have something to
> compare to.
> 
> Do *not* try do modify 'dn="cn=fred blogs,dc=example,dc=com"', by the
> way; modify some other attribute, or that DN will "disappear".

I tried to modify dn "cn=michiko nagara,dc=example,dc=com", it worked fine.

# ldapmodify -x -D "cn=fred blogs,dc=example,dc=com" -w passeord 
-f ./entrymod

entrymod:

dn: cn=michiko nagara,dc=example,dc=com
changetype: modify
add: cn
cn: michiko

> Errrm ... You are stopping and starting slapd each time you change an
> ACL, are you not?

No, I am doing that.
 
> > I  have indexed objectclass in slapd.conf:
> > index  objectClass  pres,eq
> > and run slapindex.
> 
> > Then, I tried to search filter "(objectclass=*)", but I got
> > no entries.
> 
> Are you using the right base in ldapsearch? You don't have to give a
> base, as long as the HOST/BASE combination in /etc/ldap.conf is correct,
> and BASE in that file matches SUFFIX in slapd.conf; otherwise you have
> to specify the base in ldapsearch (man ldapsearch).
> 
> After all, as I said, it works for me, so why shouldn't it work for you?

#ldapsearch -x -D "cn=fred blogs,dc=example,dc=com" -w password 
-b "dc=example,dc=com" "(objectclass=*)"
#  extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I'm at a deadlock. 

It is late at night, it become 10:00 p.m. soon in Japan.
So, I will try again next week.
Thank you very much for many advices.

Thanks.
------
Michiko NAGARA

References:
- Re: group access "write" in OpenLDAP 2.1.4
  - From: Michiko Nagara <chigu@fjh.fujitsu.com>
- Re: group access "write" in OpenLDAP 2.1.4
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: replication with slurpd (not mine) message
Next by Date: RE: group access "write" in OpenLDAP 2.1.4
Index(es):
- Chronological
- Thread