no write access to parent


There is an ACL in slapd.conf:

access to dn.one="ou=personal,ou=groups,o=vega"
        by group/groupOfUniqueNames/uniqueMember="cn=users-admins,ou=groups,o=vega" write
        by group/groupOfUniqueNames/uniqueMember="cn=tree-admins,ou=groups,o=vega" write
        by users read

And when any of the members of "cn=users-admins,ou=groups,o=vega"
tries to add a new object, he gets an error:
 no write access to parent

But he can modify an existing object without errors.

If I change dn.one to dn.sub, there are no errors at all.

Could anybody explain what modification is needed to the parent object?

Our system:
$ uname -rs; pkg_info -Ix openldap-serv
FreeBSD 7.1-amd64-20090114-RELENG_7_1
openldap-server-2.4.13 Open source LDAP server implementation

Irina Shetukhina
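
Added example, not part of the original post and not OpenLDAP code: a small Python model of how slapd picks an access clause, showing why an add under the posted dn.one clause fails while dn.sub succeeds. slapd requires write access to the parent's "children" attribute and to the new entry's "entry" attribute for an add, and dn.one covers only entries one level below the base, not the base itself. The function names, the entry cn=example and the ACL_NARROW variant (a dn.base clause limited to attrs=children) are assumptions made for the illustration.

```python
# Added illustration: simplified model of slapd ACL matching, not OpenLDAP code.
# Assumes DNs without escaped commas; the tree-admins "by" line is left out.
LEVELS = {"none": 0, "read": 1, "write": 2}

def rdns(dn):
    return [p.strip().lower() for p in dn.split(",")]

def parent(dn):
    return ",".join(rdns(dn)[1:])

def in_scope(style, base, target):
    """dn.base / dn.one / dn.sub / dn.children scope test."""
    b, t = rdns(base), rdns(target)
    depth = len(t) - len(b)
    if depth < 0 or t[depth:] != b:
        return False
    return {"base": depth == 0, "one": depth == 1,
            "sub": True, "children": depth >= 1}[style]

def access(acl, groups, target, attr):
    """Level from the first clause whose <what> matches target and attr."""
    for style, base, attrs, by in acl:
        if in_scope(style, base, target) and (attrs is None or attr in attrs):
            for who, level in by:
                if who == "users" or who in groups:
                    return LEVELS[level]
            return LEVELS["none"]   # implicit "by * none"
    return LEVELS["none"]           # implicit "access to * by * none"

def can_add(acl, groups, new_dn):
    """Add needs write on the parent's `children` and the new entry's `entry`."""
    if access(acl, groups, parent(new_dn), "children") < LEVELS["write"]:
        return "no write access to parent"
    if access(acl, groups, new_dn, "entry") < LEVELS["write"]:
        return "entry denied"       # model's own label
    return "ok"

BASE = "ou=personal,ou=groups,o=vega"
ADMINS = "cn=users-admins,ou=groups,o=vega"
BY = [(ADMINS, "write"), ("users", "read")]
NEW = "cn=example," + BASE          # constructed entry name
ACL_ONE = [("one", BASE, None, BY)]  # the ACL as posted
ACL_SUB = [("sub", BASE, None, BY)]  # dn.one changed to dn.sub
# dn.base clause limited to attrs=children, then the posted dn.one clause
ACL_NARROW = [("base", BASE, {"children"}, BY), ("one", BASE, None, BY)]

if __name__ == "__main__":
    for name, acl in [("dn.one", ACL_ONE), ("dn.sub", ACL_SUB), ("narrow", ACL_NARROW)]:
        print(name, "->", can_add(acl, {ADMINS}, NEW))
```

In the model, ACL_NARROW lets group members add entries without giving them write access to the other attributes of ou=personal itself, which dn.sub does grant.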