
Re: ldap_add: Insufficient access ldif_record() = 50



At 12:30 PM 10/5/2005, Ben Stambaugh wrote:
>I am a newbie to not only Linux, but also LDAP. In fact my entire company is and we are all learning as we go along. We want to start using LDAP and have been trying to work through some LDAP tutorials and we have still managed to get stuck. We are just doing some very basic things just to get started and to get a feel for using LDAP.

Have you tried following the Quick Start Guide in the
Admin Guide?

>Sorry ahead of time for the files being so long.
>
>Now for the problem:
>
>When I issue the command:
>*****************
>ldapadd -f fraternity.ldif -xv -D "cn=DeanWormer,o=delta" -h 127.0.0.1
>*****************
>Just a side note: The reason that we are not using rootpw at this time is because every time that we try we just get an error that we have invalid credentials. So we decided to forget them at this point and just do without.

As you didn't provide a password for authentication,
you get unauthenticated access which is equivalent
to anonymous.  Hence, the error.

As current versions of slapd(8) return an error by default
when unauthenticated access is requested, as well as return
a different error when anonymous users attempt directory
updates, I suspect you are using a very old version of slapd(8).
You should consider starting with the latest.




>I get this output:
>*****************
>ldap_init( 127.0.0.1, 0 )
>add objectClass:
>top
>dcObject
>organization
>add dc:
>delta
>add o:
>delta
>add description:
>The Delta House Fraternity Domain
>adding new entry "o=delta"
>ldap_add: Insufficient access
>
>ldif_record() = 50
>*****************
>
>
>
>
>Here is my slapd.conf file:
>*****************
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 2.8.8.7 2001/09/27 20:00:31 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include /etc/openldap/schema/core.schema
>include /etc/openldap/schema/cosine.schema
>include /etc/openldap/schema/inetorgperson.schema
>#include /etc/openldap/schema/nis.schema
>#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
>#include /etc/openldap/schema/redhat/autofs.schema
>#include /etc/openldap/schema/redhat/kerberosobject.schema
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral ldap://root.openldap.org
>
>#pidfile //var/run/slapd.pid
>#argsfile //var/run/slapd.args
>
># Create a replication log in /var/lib/ldap for use by slurpd.
>#replogfile /var/lib/ldap/master-slapd.replog
>
># Load dynamic backend modules:
># modulepath /usr/sbin/openldap
># moduleload back_ldap.la
># moduleload back_ldbm.la
># moduleload back_passwd.la
># moduleload back_shell.la
>
>#
># The next three lines allow use of TLS for connections using a dummy test
># certificate, but you should generate a proper certificate by changing to
># /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.
># TLSCertificateFile /usr/share/ssl/certs/slapd.pem
># TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
># TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database ldbm
>suffix "o=delta"
># Only one suffix allowed per database
>#suffix "dc=delta,dc=org"
>rootdn "cn=DeanWormer,o=delta"
>#rootpw secret2
>directory /var/lib/ldap/fraternity
>defaultaccess read
>schemacheck on
>lastmod on
>index cn,sn,st eq,pres,sub
>*****************
>
>
>
>
>Here is a shortened version of my fraternity.ldif:
>*****************
>dn: o=delta
>objectClass: top
>objectclass: dcObject
>objectclass: organization
>dc: delta
>o: delta
>description: The Delta House Fraternity Domain
>
>dn: o=delta
>objectClass: top
>objectClass: organization
>o: delta
>description: Delta House
>
>dn: cn=DeanWormer,o=delta
>objectClass: organizationalRole
>cn: DeanWormer
>description: LDAP Directory Administrator
>
>dn: ou=1961,o=delta
>ou: 1961
>objectClass: top
>objectClass: organizationalUnit
>description: Year of Graduation 1961
>
>dn: cn=Bluto Butarsky,ou=1961,o=delta
>cn: Bluto Butarsky
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>mail: BButarsky@isp.com
>givenname: John
>sn: Butarsky
>ou: 1961
>uid: 1961
>employeeType: S
>postalAddress: 14 Cherry St.
>l: Austin
>st: TX
>postalcode: 76888
>telephoneNumber: (800)555-1212
>homePhone: 800-555-1313
>facsimileTelephoneNumber: 800-555-1414
>*****************
>
>Any bit of help would be great. Thanks.
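
The distinction drawn in the reply, as an added example that is not part of the original thread: a simple bind that names a DN but sends no password is an "unauthenticated" bind (RFC 4513 section 5.1), so the session is authorized as anonymous and never as the rootdn. The function names, the option subset and the run-time password placeholder are assumptions made for this sketch.

```python
import getopt
import shlex

# Subset of ldapadd(1) options handled here (assumption: enough for this check).
# A trailing ':' means the option takes a value.
LDAPADD_OPTS = "f:xvD:h:p:H:w:Wy:cnZ"
RUNTIME_SECRET = "<supplied at run time>"  # placeholder for -W / -y


def classify_simple_bind(bind_dn, password):
    """Name the simple-bind variant defined in RFC 4513 section 5.1."""
    if not password:
        # No password means the server verifies nothing about the client.
        return "unauthenticated" if bind_dn else "anonymous"
    return "name/password" if bind_dn else "undefined"


def audit_command(cmdline):
    """Return (bind kind, identity the server will authorize against)."""
    argv = shlex.split(cmdline)
    seen = dict(getopt.getopt(argv[1:], LDAPADD_OPTS)[0])
    if "-x" not in seen:
        return ("sasl", None)  # SASL bind: outside the scope of this check
    bind_dn = seen.get("-D", "")
    if "-W" in seen or "-y" in seen:
        password = RUNTIME_SECRET  # assumed non-empty when actually entered
    else:
        password = seen.get("-w", "")
    kind = classify_simple_bind(bind_dn, password)
    # Only a verified name/password bind carries the DN; anonymous and
    # unauthenticated binds both leave the session with an empty identity.
    identity = bind_dn if kind == "name/password" else ""
    return (kind, identity)


def acts_as_rootdn(cmdline, rootdn):
    """True only if the simple bind can carry the rootdn identity."""
    _, identity = audit_command(cmdline)
    # Case-insensitive string match is a simplification of DN comparison.
    return identity is not None and identity.lower() == rootdn.lower()


if __name__ == "__main__":
    ROOTDN = "cn=DeanWormer,o=delta"  # rootdn from the slapd.conf in the thread
    cmd = 'ldapadd -f fraternity.ldif -xv -D "cn=DeanWormer,o=delta" -h 127.0.0.1'
    print(audit_command(cmd), acts_as_rootdn(cmd, ROOTDN))
    print(audit_command(cmd + " -W"), acts_as_rootdn(cmd + " -W", ROOTDN))
```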