[Date Prev][Date Next]
Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)
Rakesh Yadav skrev, on 12-12-2007 10:13:
bdb_add: no write access to parent
Now tell me whats the problem.
The primary problem is, that you are not granting write access to the
parent dn of the child dn that you wish to carry out operations on.
The secondary problem is, that you don't understand why, what you're
doing wrong or how to alleviate the problem.
Now you're bothering the list to give you answers to what you could find
out by reading the docs, agitating and not listening to advice. It's not
likely to gain you friends or admirers here.
The log tells you what the problem is, if you bother to read it.
Actually i already knew that i was getting "bdb_add: no write access to
parent" error but i wanted to ask how can i overcome it.
Because you can't be bothered to read the docs. So here's a comforter
(http://www.m-w.com/dictionary/teat; a dummy 1:) for you:
From the OL 2.3 admin doc:
5.3.1. What to control access to
"There are two special pseudo attributes entry and children. To read
(and hence return) a target entry, the subject must have read access to
the target's entry attribute. To add or delete an entry, the subject
must have write access to the entry's entry attribute AND must have
write access to the entry's parent's children attribute. To rename an
entry, the subject must have write access to entry's entry attribute AND
have write access to both the old parent's and new parent's children
attributes. The complete examples at the end of this section should help
clear things up."
I didn't consult the 2.4 admin guide, but it's likely to be more or less
but for the time being i have granted write permission to all in client
slapd.conf file and it is working now.
This is not a good idea and defeats the whole concept of ACLs, upon
which you (if you are administering a prof site) later will be *wholly*
Email: tonni at hetnet dot nl