Newbie Question: How to set write access to everybody



Hi,

I am working with a C/C++ API based client to add/modify entries to an
internal LDAP database and thus we don't require any type of
authentication.

I've put "defaultaccess write" and hoped that would grant access to
anybody to do an ldap_add_entry_s call without performing an
ldap_simple_bind first.  But it kept on telling me "Insufficient
Access".  I also tried to set access to * by * write to each database.

What should I do in this case to achieve the effect of open access to
anybody? Because potentially I can have several hundred databases
configured in this one slapd-conf and I don't want to create rootdn
and rootpw for each of them and perform ldap_simple_bind every time I
want to modify a different database instance. What I really want to
achieve is: login/bind once and then I can write to any database
inside this slapd.

Any hints would be deeply appreciated. My current slapd conf is attached.

Thanks,

Yang Xiang


#
# sample slapd config file
#
include         /usr/local/etc/openldap/schema/core.schema

idletimeout     3600

sizelimit       75000
timelimit       300

loglevel        -1
#threads                5

defaultaccess write

# DB1
database        ldbm
suffix          ou=0,ou=rs,ou=msrs,ou=agent,dc=my-ldap,dc=com
access *
by * write
directory       /home/agent/ldapdb/rs0


# DB2
database        ldbm
suffix          ou=1,ou=rs,ou=msrs,ou=agent,dc=my-ldap,dc=com
access *
by * write
directory       /home/agent/ldapdb/rs1
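
An added example, not part of the original post or of OpenLDAP: a small Python check that reads a slapd.conf the way slapd.conf(5) describes (a line that begins with whitespace continues the previous line, and an access directive has the form `access to <what> by <who> <level>`) and reports access lines that do not have that shape, plus any grant of write to everyone. The names `logical_lines` and `lint` and the embedded sample are constructed for illustration; the sample reuses the first database section as it appears on this page.

```python
import re

# Constructed sample: the global line and the DB1 section of the attached
# config, with the access lines exactly as they appear on the page.
SAMPLE = """\
defaultaccess write
database        ldbm
suffix          ou=0,ou=rs,ou=msrs,ou=agent,dc=my-ldap,dc=com
access *
by * write
directory       /home/agent/ldapdb/rs0
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto the directive above."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank line or comment
        if raw[0] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.strip()))  # (first physical line, text)
    return out

def lint(text):
    """Return (line, message) findings for the access-control directives."""
    findings = []
    for n, line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == "by":
            findings.append((n, "'by' at column 0 is read as a new directive; indent it"))
        elif key == "access":
            if len(words) < 2 or words[1].lower() != "to":
                findings.append((n, "access directive lacks 'to <what>'"))
            if "by" not in [w.lower() for w in words[2:]]:
                findings.append((n, "access directive has no 'by <who> <level>' clause"))
            if re.search(r"\bby\s+\*\s+write\b", line, re.I):
                findings.append((n, "anonymous clients may write"))
        elif key == "defaultaccess" and [w.lower() for w in words[1:2]] == ["write"]:
            findings.append((n, "defaultaccess is write"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```

A well-formed `access to *` followed by an indented `by * write` passes the syntax checks and is still reported once, as an anonymous-write grant, which is the line an audit of such a server would want listed.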