[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLdap provider-client replication error
Hi,
On Tue, 11 Mar 2014, Seun Ojedeji wrote:
Hello thanks for your response,
On Tue, Mar 11, 2014 at 11:01 AM, Christian Kratzer <ck-lists@cksoft.de>wrote:
Hi,
On Tue, 11 Mar 2014, Seun Ojedeji wrote:
How do i fix the insuffient access problem? I am using the admin that has
full write access on ldap.
<snipp/>
Its a fresh ldap setup and i only have one admin user created (with on
personal user) here is the script i used in setting up ldap:
http://pastebin.com/JagCtptS
your acl for cn=config is as follows:
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break
This only allows the unix root user to manage cn=config.
The admin user you are using is for managing access to the main directory.
To manage cn=config in this setup you should use
ldapadd -Y EXTERNAL -H ldapi:///
ldapmodify -Y EXTERNAL -H ldapi:///
1. your openldap version
openldap-2.4.28
Do yourself a favor and upgrade to 2.4.39 before starting with any serious openldap work.
You can get upto date rpm and deb packages from http://ltb-project.org/wiki/
Greetings
Christian
2. your full configuration (preferably on pastebin oder such)
Use slapcat -n0 to extract the config
http://pastebin.com/U6SmeFNC
Thanks again for helping out
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
--
Christian Kratzer CK Software GmbH
Email: ck@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/