[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)

Subject: Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)
From: Tony Earnshaw <tonni@hetnet.nl>
Date: Wed, 12 Dec 2007 17:39:23 +0100
Cc: openldap-software@openldap.org
In-reply-to: <03e701c83c9f$40c33260$7705a8c0@RakeshWxp>
References: <032e01c83bf8$3abca970$7705a8c0@RakeshWxp> <Pine.SOC.4.64.0712111127260.4806@toolbox.rutgers.edu> <037d01c83c80$32e8b0d0$7705a8c0@RakeshWxp> <200712121041.13610.bgmilne@staff.telkomsa.net> <03e701c83c9f$40c33260$7705a8c0@RakeshWxp>
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

Rakesh Yadav skrev, on 12-12-2007 10:13:

[...]

bdb_add: no write access to parent
[...]
Now tell me whats the problem.

The primary problem is, that you are not granting write access to the parent dn of the child dn that you wish to carry out operations on.

The secondary problem is, that you don't understand why, what you're doing wrong or how to alleviate the problem.

Now you're bothering the list to give you answers to what you could find out by reading the docs, agitating and not listening to advice. It's not likely to gain you friends or admirers here.

The log tells you what the problem is, if you bother to read it.
Actually i already knew that i was getting "bdb_add: no write access to parent" error but i wanted to ask how can i overcome it.

Because you can't be bothered to read the docs. So here's a comforter (http://www.m-w.com/dictionary/teat; a dummy 1:) for you:

From the OL 2.3 admin doc:

5.3.1. What to control access to

[...]

"There are two special pseudo attributes entry and children. To read (and hence return) a target entry, the subject must have read access to the target's entry attribute. To add or delete an entry, the subject must have write access to the entry's entry attribute AND must have write access to the entry's parent's children attribute. To rename an entry, the subject must have write access to entry's entry attribute AND have write access to both the old parent's and new parent's children attributes. The complete examples at the end of this section should help clear things up."

[...]

I didn't consult the 2.4 admin guide, but it's likely to be more or less the same.

but for the time being i have granted write permission to all in client slapd.conf file and it is working now.

This is not a good idea and defeats the whole concept of ACLs, upon which you (if you are administering a prof site) later will be *wholly* dependent.

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

References:
- Regarding distributed directory services : ldap_add_s: Insufficient access (50)
  - From: "Rakesh Yadav" <rkyadav@cdac.in>
- Re: Regarding distributed directory services : ldap_add_s: Insufficient access (50)
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)
  - From: "Rakesh Yadav" <rkyadav@cdac.in>
- Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: Regarding distributed directory services : ldap_add_s: Insufficientaccess (50)
  - From: "Rakesh Yadav" <rkyadav@cdac.in>

Prev by Date: openldap delete attributetypes
Next by Date: syncrepl_message_to_op
Index(es):
- Chronological
- Thread