
Create new user via a user belonging to a specific group



Hello all,

An example user in my LDAP structure is like:

dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: top
givenName: Full
sn: Name
cn: Full Name
uid: fname
userPassword: {MD5}HNtFsPRLE3okNNjVm6lmpw==
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/fname
loginShell: /bin/bash
mail: fname@mydomain.com

This user is in the IT group, to which I want to give access to add
new entries into OpenLDAP.
I'm connecting to the LDAP server with his credentials via phpldapadmin and
trying to create a new user, but I'm getting the following error:

Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION)
Description: Some constraint would be violated by performing the
action. This can happen when you try to add a second value to a
single-valued attribute, for example.

My ACLs in the master LDAP server are:

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=com" write
        by dn="uid=syncrepl,ou=system,dc=mydomain,dc=com" write
        by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
        by dn="uid=authenticate,ou=system,dc=mydomain,dc=com" read
        by anonymous auth
        by self write
        by * none

access to attrs=givenName,sn,cn
        by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
        by self write
        by users auth
        by anonymous auth

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=mydomain,dc=com" write
        by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=com" write
        by * read

I'm also using the unique overlay in this file for the attributes uid, mail
and uidNumber, in case this has anything to do with it.

Any help is much appreciated.

Thanks