[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: please help me !!!



Hello,

Alex Murphy <murphy@sgtp.samara.ru> writes:

> Hello !! im use openldap 2.2.4
> openldap compile with --enable-aci
> in slapd.conf:
> access to *
>     by * auth continue
>     by aci=OpenLDAPaci +rwscx
>
> ME LDIF---------
> # smim, ru
> dn: o=smim,dc=ru
> o: smim
> objectClass: organization
> openldapaci: 
> 1.2.3.4#entry#grant;r,w,s,c;[entry];r,s,w,c;[all]#access-id#uid=Administrator,o=smim,dc=ru
>
> # Administrator, smim, ru
> dn: uid=Administrator,o=smim,dc=ru
> cn: Administrator
> uid: Administrator
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> uidNumber: 1000
> gidNumber: 1000
> homeDirectory: /
> description: Administrator
> objectClass: sambaSamAccount
> loginShell: /dev/null
> sambaSID: S-1-5-21-3155955837-4108667622-3601602090-500
> sambaPrimaryGroupSID: S-1-5-21-3155955837-4108667622-3601602090-512
> sambaLMPassword: xxxx
> sambaNTPassword: xxxx
> sambaAcctFlags: [UX        ]
> userPassword: password

As I have written a few days ago allready, aci's don't support
subentries but only the entry itself, which is in your case
o=smim,dc=ru. You don't have added a openLDAPaci attribute to the entry
uid=Administrator,o=smim,dc=ru
Please read
http://www.openldap.org/faq/data/cache/634.html

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de