
Re: ACL problem in slapd.conf

Have you put your "access" block AFTER your database declaration?

database hdb
suffix ....
rootdn ...

access to...

Because I have already had this error due to a bad delete/paste in my conf.

On Fri, Sep 4, 2009 at 12:02 PM, Tomasz Chmielewski <mangoo@wpkg.org> wrote:
I would like to allow a user to edit everything in a given subtree.

For example, I would like to allow uid=Operator,ou=Users,dc=example,dc=com to edit all entries which are in *,ou=Users,dc=example,dc=com.

I tried to follow http://www.zytrax.com/books/ldap/ch6/#access to set up access for that user, but I keep getting "insufficient access".

fd=15 ACCEPT from IP= (IP=
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" method=128
conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" mech=SIMPLE ssf=0
conn=5 op=0 RESULT tag=97 err=0 text=
conn=5 op=1 DEL dn="uid=d.user3,ou=Users,dc=example,dc=com"
conn=5 op=1 RESULT tag=107 err=50 text=no write access to entry

My rule in slapd.conf is:

access to dn="ou=Users,dc=example,dc=com"
  by dn="uid=Operator,ou=Users,dc=example,dc=com" write
  by dn="uid=Operator,ou=Users,dc=example,dc=com" read

I also tried to use:

access to dn.subtree="ou=Users,dc=example,dc=com"

But then I'm not even able to connect.

Tomasz Chmielewski
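
The placement check suggested in the reply, as an added example that is not part of the original thread: it reports which section of a slapd.conf each `access` directive falls under. The sample config, its rootdn value and the function names are constructed for illustration.

```python
# Constructed sample: the first access rule sits above the "database" line,
# so it belongs to the global section, not to the hdb database.
SAMPLE_CONF = '''\
# constructed slapd.conf fragment
access to dn.subtree="ou=Users,dc=example,dc=com"
  by dn="uid=Operator,ou=Users,dc=example,dc=com" write

database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"

access to *
  by * read
'''

def logical_lines(text):
    """Yield (first_line_no, joined_text); a line that starts with
    whitespace continues the previous directive, as in slapd.conf."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue  # comment or blank line
        if raw[0] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.strip()))
    return out

def locate_acls(text):
    """Return (line_no, section, rule) for every access directive.
    section is 'global' until the first 'database' directive is seen."""
    section, results = "global", []
    for n, line in logical_lines(text):
        fields = line.split(None, 1)
        keyword = fields[0].lower()
        if keyword == "database":
            section = "database " + (fields[1] if len(fields) > 1 else "")
        elif keyword == "access":
            results.append((n, section, line))
    return results

def global_acls(text):
    """Access rules that appear before any database declaration."""
    return [r for r in locate_acls(text) if r[1] == "global"]

if __name__ == "__main__":
    for n, section, rule in locate_acls(SAMPLE_CONF):
        print(f"line {n}: [{section}] {rule}")
```
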