Re: Permsion on Parent

[Robert Canary <phantom@ohiocounty.net>]

IAN YOU DA MAN!!!!

and while away from the office, too. !!!!!!

You da man Ian!!!

{walking away mumbleing to myself} He thought of that by himself, no
books or man pages,....wasn't even at the office...damn..he is the
man...

Ian Logan wrote:
> 
> Try something like this:
> 
> access to dn="ou=People,dc=example,dc=com" attr=children
>         by dn="cn=peopleroot,dc=example,dc=com" write
> 
> I believe it will do what you want. Sorry I'm away from the office right
> now, and cant check to be sure thats right.
> Ian
> 
> On Mon, Mar 10, 2003 at 08:15:19PM -0600, Robert Canary wrote:
> > I am trying create a record under ou=People,dc=example,dc=com
> >
> > I am using the dn"uid=newuser2add,ou=People,dc=example,dc=com
> >
> > If I run the ldif file with cn=root it gose fine, but I don'r want
> > that.  I am trying to setup a user specificly for adding new people.  So
> > I set a user called "peopleroot" and added this superuser in the acls as
> > follows:
> >
> > access to dn="uid=*,ou=People,dc=example,dc=com"
> >       by dn="cn=peopleroot,dc=example,dc=com" write
> >
> > But it still gives me:
> > ldap_add: Insuffiecent access
> > additional Info: nowrite access to parent
> > ldif_record()=50
> >
> > Can someone tell me what the proper dn for peopleroot should be to allow
> > write permissions
> >
> > thanks in advance
> > --
> > robert
> 
> --
> Ian Logan
> Information and Communication Technologies
> New Mexico State University
> Email: ian@nmsu.edu Phone: 505-646-6034 Fax: 505-646-4560