[Date Prev][Date Next]
Re: group access "write" in OpenLDAP 2.1.4
On 13 Sep 2002 12:24:55 +0200
Tony Earnshaw <email@example.com> wrote:
> > And now, I have created a new record for michiko nagara.
> > cn=michiko nagara,dc=example,dc=com
She is not a member of the group "administrators.example.com".
> > I tried to modify dn "cn=fred blogs,dc=example,dc=com",
> > I got a error mesage:
> > ldap_modify: Insufficient access (50)
> Try adding 'by dn="cn=michiko nagara,dc=example,dc=com" write' to that
> ACL and try modifying as user michiko nagara. Then you have something to
> compare to.
> Do *not* try do modify 'dn="cn=fred blogs,dc=example,dc=com"', by the
> way; modify some other attribute, or that DN will "disappear".
I tried to modify dn "cn=michiko nagara,dc=example,dc=com", it worked fine.
# ldapmodify -x -D "cn=fred blogs,dc=example,dc=com" -w passeord
dn: cn=michiko nagara,dc=example,dc=com
> Errrm ... You are stopping and starting slapd each time you change an
> ACL, are you not?
No, I am doing that.
> > I have indexed objectclass in slapd.conf:
> > index objectClass pres,eq
> > and run slapindex.
> > Then, I tried to search filter "(objectclass=*)", but I got
> > no entries.
> Are you using the right base in ldapsearch? You don't have to give a
> base, as long as the HOST/BASE combination in /etc/ldap.conf is correct,
> and BASE in that file matches SUFFIX in slapd.conf; otherwise you have
> to specify the base in ldapsearch (man ldapsearch).
> After all, as I said, it works for me, so why shouldn't it work for you?
#ldapsearch -x -D "cn=fred blogs,dc=example,dc=com" -w password
-b "dc=example,dc=com" "(objectclass=*)"
# extended LDIF
# filter: (objectclass=*)
# requesting: ALL
# search result
result: 0 Success
# numResponses: 1
I'm at a deadlock.
It is late at night, it become 10:00 p.m. soon in Japan.
So, I will try again next week.
Thank you very much for many advices.