[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL problem

----- "Guillaume CHARDIN" <guillaume.chardin@gmail.com> wrote:

> Hi, i'm a begginer with openldap and I would like some help about
> configuring a test directory (for now).
> I tought I set up correctly the base of the directory, but I
> encounter
> some issues with ACL to delegate rw access to some users/OU/groups.
> While I can do anything on the directory with the 'rootdn', I wasnt
> able to give rw access to another user (admintest) on the directory.
> To achieve this tasks I use several tools : phpldapadmin, ldapadd,
> ldapdelete. And everytime these tools return error about the rights
> of
> the user I bind to de Directory.
> here is an example :
> ]#ldapdelete -x -D 'uid=admintest,dc=brcorp,dc=local' -W
> ou=test,dc=brcorp,dc=local
> Enter LDAP Password:
> ldap_delete: Insufficient access (50)
>             additional info: no write access to parent
> If i do the same with the rootdn user everything goes fine.

Remember, the rootdn user has full access and bypasses any ACLs, time or
search limits you have configured. That's why it's called root ;-)


Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.