
Access Control
Howdy folks,

I have been mucking with Access Control for the past day and 1/2, and
cannot seem to get a cn to authenticate. I created several
contact objects, and a cn named email [1] which I want to allow
read/write access to a specific branch of my DIT. After reading through
the docs on www.openldap.org, I thought:

access to dn="ou=contacts,dc=dom,dc=com"
        by dn="cn=email,dc=dom,dc=com" write

would allow email to read/write to the contacts branch of the tree. When
I run ldapsearch:

$ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' \
    -b 'ou=contacts,dc=dom,dc=com' '(cn=*)'

I get:

Bind Password:
ldap_simple_bind_s: Insufficient access

Anyone happen to know what I am missing? I have experimented with
various things I found on google, but so far, no luck :(

Thanks for any insight,
Ryan

[1]
dn: cn=email,dc=dom,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: email
description: User allowed to update the contacts tree
userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
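Added example, not part of Ryan's post: a small model of how slapd evaluates access directives (first matching "to" clause wins, then the first matching "by" clause, with an implicit "by * none"), used to check the posted ACL against a candidate fix. It assumes the OpenLDAP 2.1+ rule that a plain dn="..." is an exact match, and that with any ACLs present an entry no "to" clause matches is denied; the FIXED ACL and the DNs are the post's own values, the data layout is mine.

```python
# Simplified slapd ACL evaluation (assumed semantics, see lead-in).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def in_subtree(dn, base):
    return dn == base or dn.endswith("," + base)

def what_matches(what, dn, attr):
    (kind, base), attrs = what            # kind: "*", "dn.exact", "dn.subtree"
    if kind == "dn.exact" and dn != base:
        return False
    if kind == "dn.subtree" and not in_subtree(dn, base):
        return False
    return not attrs or attr in attrs     # attrs=None means the whole entry

def who_matches(who, subject, dn):
    if who == "*":
        return True
    if who == "anonymous":
        return subject is None
    if who == "self":
        return subject == dn
    return subject == who                 # any other string is a dn.exact

def access(acls, subject, dn, attr, needed):
    """True if subject (None = anonymous) has at least `needed` on attr of dn."""
    for what, by in acls:
        if not what_matches(what, dn, attr):
            continue
        for who, level in by + [("*", "none")]:   # implicit trailing "by * none"
            if who_matches(who, subject, dn):
                return LEVELS.index(level) >= LEVELS.index(needed)
    return False                                   # no "to" clause matched

def simple_bind_allowed(acls, bind_dn):
    # A simple bind runs as anonymous and needs "auth" on the bind entry's
    # userPassword; otherwise slapd answers "Insufficient access".
    return access(acls, None, bind_dn, "userPassword", "auth")

EMAIL = "cn=email,dc=dom,dc=com"
CONTACTS = "ou=contacts,dc=dom,dc=com"

# The directive from the post: exact match on the ou entry only, and
# nothing grants auth on cn=email's userPassword, so the bind itself fails.
POSTED = [((("dn.exact", CONTACTS), None), [(EMAIL, "write")])]

# Candidate fix: anonymous may authenticate against userPassword, the entry
# owner may change it, and the write grant covers the whole contacts subtree.
FIXED = [
    ((("*", None), ("userPassword",)), [("self", "write"), ("anonymous", "auth")]),
    ((("dn.subtree", CONTACTS), None), [(EMAIL, "write"), ("*", "read")]),
]
```

In slapd.conf terms FIXED is `access to attrs=userPassword by self write by anonymous auth` followed by `access to dn.subtree="ou=contacts,dc=dom,dc=com" by dn="cn=email,dc=dom,dc=com" write by * read`, and the userPassword clause must come first or the subtree clause would shadow it for entries under ou=contacts.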