[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GQ write issue



[ Tony Earnshaw: Feb 5 10:39 ]

>> ----------------------------------------------------
>> LDAP host : ldap.example.com
>> Base DN  : dc=example,dc=com
>> Bind DN  : cn=Jason Armstrong,dc=example,dc=com
>> Bind type  : Simple
>> Search Attribute : (objectclass=*)
>> ----------------------------------------------------
>>
>> But attempting to modify an entry gives the message: Insufficient
>> access
>
>Hmmm ... while you seem to have given a password for authentication in
>ldapmodify, you don't seem to have given a password in GQ. Therefore
>your credentials are wrong. The log shows an anonymous bind, at any
>rate.

Your answer got me to experiment a bit more with the settings in gq.
When I define a server, there is an option 'Ask password on first
connect', which I had checked. This caused the two password fields to be
greyed out, but I was given a password popup when I first connected to
the ldap server. So I tried to uncheck the option, and filled the
password fields in, and it worked. This doesn't sound correct to me, and
in addition the password is stored as plain text in a xml file ~/.gq,
but I will take this up with the developers of gq rather then here.

>You may have done, but in your slapd.conf, you omit the essential access
>to attr=userPassword by anonymous auth, thingy. How is Openldap supposed
>to know who Jason Armstrong is, unless he proves it with his password?
>And how can he authenticate in the first place, unless he does it
>anonymously?

This didn't make a difference, access to userPassword, when I was
granted root access as above.

Thank-you for the help.

Regards

--
Jason Armstrong