OpenLDAP permissions question



Hello,

I have been spamming this list, looking for insights into why I cannot
configure OpenLDAP to use cn=config to delete an entry inside a DIT.
Sorry.

Just now thought of and conducted another experiment. The results
surprised me. If someone can please explain why OpenLDAP behaves this
way, and whether this can be altered through configuration, it would
certainly get me further on my way.

When I try to delete an entry using LDAPI as below:
$ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
ldap_delete: Insufficient access (50)
    additional info: no write access to parent

I do the same using domain administrator credentials as below and it
works fine:
$ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x cn=john,dc=directory,dc=com

Why does LDAPI not work? What can be done?

Thank you,

Igor Shmukler