[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access Control

Howdy folks,

I have been mucking with Access Control for the past day and 1/2, and
cannot seem to get a cn to authenticate. I created several
contact objects, and a cn named email [1] which I want to allow
read/write access to a specific branch of my DIT. After reading through
the docs on www.openldap.org, I thought:

access to dn="ou=contacts,dc=dom,dc=com"         
        by  dn="cn=email,dc=dom,dc=com"  write

would allow email to read/write to the contacts branch of the tree. When
I run ldapsearch:

$ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
'ou=contacts,dc=dom,dc=com' '(cn=*)'

I get:

Bind Password:
ldap_simple_bind_s: Insufficient access

Anyone happen to know what I am missing? I have experimented with
various things I found on google, but so far, no luck :(

Thanks for any insight,

dn: cn=email,dc=dom,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: email
description: User allowed to update the contacts tree
userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a