Re: ACL problem



----- "Guillaume CHARDIN" <guillaume.chardin@gmail.com> wrote:

> Hi, I'm a beginner with openldap and I would like some help with
> configuring a test directory (for now).
> I thought I set up the base of the directory correctly, but I
> encounter some issues with ACL to delegate rw access to some
> users/OU/groups.
> While I can do anything on the directory with the 'rootdn', I wasn't
> able to give rw access to another user (admintest) on the directory.
> To achieve these tasks I use several tools: phpldapadmin, ldapadd,
> ldapdelete. And every time these tools return an error about the rights
> of the user I bind to the directory.
> 
> 
> Here is an example:
> ]#ldapdelete -x -D 'uid=admintest,dc=brcorp,dc=local' -W
> ou=test,dc=brcorp,dc=local
> Enter LDAP Password:
> ldap_delete: Insufficient access (50)
>             additional info: no write access to parent
> 
> If I do the same with the rootdn user everything goes fine.

Remember, the rootdn user has full access and bypasses any ACLs, time or
search limits you have configured. That's why it's called root ;-)

Gavin.

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/