[Date Prev][Date Next]
I know this has a very simple solution, unfortunately ACL's are
kicking my rear.
I have what is turning out to be a company roster with names, email,
telephone, address, and userpassword. What I'm trying to allow is
just three users to authenticate and view "sensitive" info (i.e.
telephone number, home address, password). Here's what I have so far
for the ACLS:
access to dn="ou=cmc,dc=cmcflex,dc=com"
by users write
by * auth
access to *
by * read
Okay, so far anonymous just see the "basic" (non-sensitive) fields.
ldapsearch -x -D "cn=mtice[at]cmcflex.com,ou=cmc,dc=cmcflex,dc=com" -
I can view ALL info - which is what I want. So ultimately it now
comes down to adding/deleting/modifying entries. I'm trying to add a
test user using the command:
ldapadd -x -w secret -D "cn=mtice[at]
cmcflex.com,ou=cmc,dc=cmcflex.dc=com" -f test.ldif
I get the error:
ldap_add: Insufficient access (50)
additional info: no write access to parent
I suppose it means that just because I can write to
ou=cmc,dc=cmcflex,dc=com - but not dc=cmcflex,dc=com. Is that
correct or am I way off? I tried messing with the ACL's a bit but
just completely screwed it up.
I'm using open-ldap v. 2.2.27 on a Suse 10 box. If I need to post
any additional info please let me know. Any help would be greatly