[Date Prev][Date Next]
Re: OpenLDAP permissions question
- To: email@example.com
- Subject: Re: OpenLDAP permissions question
- From: Dieter Klünter <firstname.lastname@example.org>
- Date: Thu, 19 Mar 2015 21:13:15 +0100
- In-reply-to: <CAA1SNA35_XD61coDn73c+qqSk7=LrpfZs7HqT0oxDG3s3b8TZw@mail.gmail.com>
- Organization: AVCI
- References: <CAA1SNA35_XD61coDn73c+qqSk7=LrpfZs7HqT0oxDG3s3b8TZw@mail.gmail.com>
Am Wed, 18 Mar 2015 23:28:35 +0200
schrieb Igor Shmukler <email@example.com>:
> I have been spamming this list, looking for insights into why I cannot
> configure OpenLDAP to use cn=config to delete an entry inside a DIT.
> Just now thought of and conducted another experiment. The results
> surprised me. If someone can please explain why OpenLDAP behaves this
> way, and whether this can be altered through configuration, it would
> certainly get me further on my way.
> When I try to delete an entry using LDAPI as below:
> $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
> ldap_delete: Insufficient access (50)
> additional info: no write access to parent
> I do the same using domain administrator credentials and below and it
> works fine:
> $ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x
> Why LDAPI does not work? What can be done?
probably because of unsufficient authz-regexp ?
What is the result of ldapwhoami -Y EXTERNAL -H ldapi:///
or sudo ldapwhoami -Y EXTERNAL -H ldapi:///
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B