Re: Access Control

Quoting Matty <mattyml@bellsouth.net>:

 | Howdy folks,
 | I have been mucking with Access Control for the past day and 1/2, and
 | cannot seem to get a cn to authenticate. I created several
 | contact objects, and a cn named email [1] which I want to allow
 | read/write access to a specific branch of my DIT. After reading through
 | the docs on www.openldap.org, I thought:
 | access to dn="ou=contacts,dc=dom,dc=com"
 |         by  dn="cn=email,dc=dom,dc=com"  write
 | would allow email to read/write to the contacts branch of the tree. When
 | I run ldapsearch:
 | $ ldapsearch -h ldap.dom.com -LL -D 'cn=email,dc=dom,dc=com' -b
 | 'ou=contacts,dc=dom,dc=com' '(cn=*)'

Have you tried 

ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -W -b 
'ou=contacts,dc=dom,dc=com' '(cn=*)'


ldapsearch -h ldap.dom.com -x -LL -D 'cn=email,dc=dom,dc=com' -w password -b 
'ou=contacts,dc=dom,dc=com' '(cn=*)'

I am assuming that the cn=email,dc=dom,dc=com has a password defined.


 | I get:
 | Bind Password:
 | ldap_simple_bind_s: Insufficient access
 | Anyone happen to know what I am missing? I have experimented with
 | various things I found on google, but so far, no luck :(
 | Thanks for any insight,
 | Ryan
 | [1]
 | dn: cn=email,dc=dom,dc=com
 | objectClass: top
 | objectClass: organizationalRole
 | objectClass: simpleSecurityObject
 | cn: email
 | description: User allowed to update the contacts tree
 | userPassword: (MD5)94cc0f2c4100623b4efc85a534b7cd2a
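An added example, not part of the thread and not taken from the OpenLDAP documentation, showing why the bind itself is refused and what the `slapd.conf` ACLs look like once the bind DN is allowed to authenticate. The DNs `dc=dom,dc=com`, `ou=contacts` and `cn=email` are the ones in the quoted post; everything else is assumed.

```conf
# slapd.conf ACL fragment (added example; names taken from the quoted post,
# the rest is assumed).

# --- As posted: only the contacts subtree is covered -----------------------
# access to dn="ou=contacts,dc=dom,dc=com"
#         by dn="cn=email,dc=dom,dc=com" write
#
# slapd evaluates "access to" clauses in order and stops at the first one
# whose target matches; every access list ends with an implicit
# "access to * by * none". A simple bind as cn=email requires "auth"
# privilege on the userPassword attribute of cn=email,dc=dom,dc=com itself,
# and that entry is not under ou=contacts, so no clause matches and the
# bind is refused with "Insufficient access" before any search happens.

# --- Corrected: attribute-specific rule first, then the subtree rule --------
# Grant "auth" on userPassword so anonymous clients can bind, and let each
# entry change its own password. Nobody else can read password hashes.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# cn=email may read and modify the contacts branch; everyone else may only
# read it. Drop "by * read" if the branch should not be readable at all.
# The dn styles (subtree, exact) are written explicitly because the default
# style differs between OpenLDAP releases.
access to dn.subtree="ou=contacts,dc=dom,dc=com"
        by dn.exact="cn=email,dc=dom,dc=com" write
        by * read

# Everything else stays readable; stated explicitly rather than relying on
# the implicit final deny so the intended policy is visible in the file.
access to *
        by * read
```

After reloading slapd, the search in the post is the test: `ldapsearch -x -W -h ldap.dom.com -D 'cn=email,dc=dom,dc=com' -b 'ou=contacts,dc=dom,dc=com' '(cn=*)'`, with `-x` forcing a simple bind as the reply suggests. If the bind now fails with "Invalid credentials" rather than "Insufficient access", the ACL is fine and the stored password value is the problem: OpenLDAP expects hashed `userPassword` values in the `{SCHEME}base64` form produced by `slappasswd`, not a `(MD5)` prefix followed by a hex digest. Releases that ship `slapacl` can also check the rule offline without binding, e.g. `slapacl -f slapd.conf -v -b 'cn=email,dc=dom,dc=com' 'userPassword/auth'`, where omitting `-D` evaluates the rule for an anonymous client.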