
ldap access
First, our setup:

Tru64 5.1 and openldap 2.1.22

Here is all of the access part of the config file:

---------------------------------------------------
#######################################################################
# ldbm database definitions
#######################################################################

database        bdb
suffix          "dc=employee,dc=gpc,dc=edu"
rootdn          "cn=Manager,dc=employee,dc=gpc,dc=edu"
subordinate
rootpw          .......
directory       /usr/local/openldap-2.1.22-release/var/openldap-data-emp
index   objectClass     eq
index   cn,o,sn,uid,employeeNumber,mail,ou,givenName,displayName pres,eq,approx,sub

access  to attr=userPassword
        by anonymous auth
        by users auth

access  to attrs=entry,uid,sn,mail,ou,cn,givenname
        by users read
        by anonymous read

access to *
        by dn="uid=douglas,dc=employee,dc=gpc,dc=edu" write

database        bdb
suffix          "dc=gpc,dc=edu"
rootdn          "cn=Manager,dc=gpc,dc=edu"
rootpw          ......
directory       /usr/local/openldap-2.1.22-release/var/openldap-data
index   objectClass     eq
index   cn,o,sn,uid,employeeNumber,mail,ou,givenName,displayName pres,eq,approx,sub

access  to attr=userPassword
        by anonymous auth
        by users auth

access  to attrs=entry,uid,sn,mail,ou,cn,givenname
        by users read
        by anonymous read

access to *
        by dn="uid=douglas,dc=employee,dc=gpc,dc=edu" write
---------------------------------------------------

Please note that dc=employee,dc=gpc,dc=edu is subordinate to dc=gpc,dc=edu.
Here are the ldap commands I try and the results:

%ldapsearch -LLL -D uid=claldapbind,dc=gpc,dc=edu -y .pwd uid=hunter givenname
dn: uid=hunter,dc=employee,dc=gpc,dc=edu
givenName: Hunter

%ldapsearch -LLL -D uid=douglas,dc=employee,dc=gpc,dc=edu -y .pwd uid=hunter givenname
dn: uid=hunter,dc=employee,dc=gpc,dc=edu
givenName: Hunter

%ldapsearch -LLL uid=hunter givenname
dn: uid=hunter,dc=employee,dc=gpc,dc=edu
givenName: Hunter

%ldapmodify -x -D uid=douglas,dc=employee,dc=gpc,dc=edu  -y .pwd -f pwmod
modifying entry "uid=claldapbind,dc=gpc,dc=edu"
ldapmodify: update failed: uid=claldapbind,dc=gpc,dc=edu
ldap_modify: Insufficient access (50)

All work but the last one, the ldapmodify. The claldapbind entry is
in there as expected:

dn: uid=claldapbind,dc=gpc,dc=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: claldapbind
cn: Clarkston LdapBind
mail: ldapadmin@gpc.edu
o: Georgia Perimeter College
sn: LdapBind
structuralObjectClass: inetOrgPerson
....

How do I make it so that 'uid=douglas,dc=employee,dc=gpc,dc=edu' has
'su' type access? I am sure I am just not understanding something
in slapd.access.

Thanks!
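The ldapmodify denial follows from how slapd.access evaluates the posted directives, and this added Python model (not OpenLDAP code, and not from the poster) replays them: the first `access to` clause whose target covers the attribute is selected, within it the first matching `by` clause fixes the level, and an implicit `by * none` applies if none matches. It assumes the pwmod LDIF changes userPassword (the file name suggests it, but the post does not show it) and simplifies matching as noted in the comments; WITH_GRANT is a constructed arrangement in which douglas's write line is reached before the broader `users` line.

```python
# Added model of slapd.access evaluation, not OpenLDAP code. Assumed simplifications: attribute
# names compared case-insensitively with no subtype matching, exact dn= comparison, "entry" ordinary.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
DOUGLAS = "uid=douglas,dc=employee,dc=gpc,dc=edu"

def who_matches(who, bind_dn):
    """Does a 'by <who>' selector apply to the bound DN (None means anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who.startswith("dn="):
        return bind_dn is not None and bind_dn.lower() == who[3:].strip('"').lower()
    raise ValueError(f"unsupported selector {who!r}")

def evaluate(acl, bind_dn, attr):
    """First 'access to' clause covering attr is chosen; its first matching 'by' wins, else 'by * none'."""
    for attrs, by_clauses in acl:
        if attrs is not None and attr.lower() not in {a.lower() for a in attrs}:
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn):
                return level
        return "none"
    return "none"  # no clause covered attr (cannot happen while 'access to *' is last)

def can_modify(acl, bind_dn, attr):
    return LEVELS.index(evaluate(acl, bind_dn, attr)) >= LEVELS.index("write")

# The directives as posted for dc=gpc,dc=edu; None stands for 'access to *'.
POSTED = [
    (["userPassword"], [("anonymous", "auth"), ("users", "auth")]),
    (["entry", "uid", "sn", "mail", "ou", "cn", "givenname"],
     [("users", "read"), ("anonymous", "read")]),
    (None, [(f'dn="{DOUGLAS}"', "write")]),
]

# Same directives with douglas granted write in each attribute-specific clause, placed
# before the broader 'users' selector so that his line is the first one to match.
WITH_GRANT = [
    (["userPassword"], [(f'dn="{DOUGLAS}"', "write"), ("anonymous", "auth"), ("users", "auth")]),
    (["entry", "uid", "sn", "mail", "ou", "cn", "givenname"],
     [(f'dn="{DOUGLAS}"', "write"), ("users", "read"), ("anonymous", "read")]),
    (None, [(f'dn="{DOUGLAS}"', "write")]),
]

if __name__ == "__main__":
    print({a: can_modify(POSTED, DOUGLAS, a) for a in ("userPassword", "mail", "description")})
```

With the posted rules douglas only reaches the `access to *` write for attributes not named in the two earlier clauses, so unlisted attributes are writable while userPassword and the listed ones are not.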