[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: phpldapadmin and openldap

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: phpldapadmin and openldap
From: Juan Diego Calle <juandiego.calle@soportelibre.com>
Date: Thu, 9 Jun 2011 17:45:47 -0500 (ECT)
Cc: openldap-technical@openldap.org
In-reply-to: <EF2C4F8FC037FF976D08658F@[192.168.1.2]>

Hi 
I understand, but I think i might have it wrong I changed the group miniadmins to this.
dn: cn=MiniAdmins,ou=Group,dc=mydomain,dc=com,dc=ec
objectClass: groupOfNames
objectClass: top
cn: MiniAdmins
member: uid=jdc,ou=People,dc=mydomain,dc=com,dc=ec
member: uid=no-admin,ou=People,dc=mydomain,dc=com,dc=ec
structuralObjectClass: groupOfNames
entryUUID: a3e66d90-19b0-1030-9c61-73ebddf12515
creatorsName: cn=Manager,dc=iess,dc=gob,dc=ec
modifiersName: cn=Manager,dc=iess,dc=gob,dc=ec
createTimestamp: 20110523174841Z
modifyTimestamp: 20110523174841Z
entryCSN: 20110523174841Z#000012#00#000000

Changed the ou=Group, instead of people, or should it be ou=Users?

I added this to the slapd.conf, but it didnt work.

access to *
        by self write
        by users read
        by anonymous read
        by * none

access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
or this

access to *
        by self write
        by users read
        by anonymous read
        by * none

access to * attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write

or this

access to *
        by self write
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
        by anonymous read
        by * none

----- Original Message -----
From: "Quanah Gibson-Mount" <quanah@zimbra.com>
To: "Juan Diego Calle" <juandiego.calle@soportelibre.com>, openldap-technical@openldap.org
Sent: Tuesday, June 7, 2011 6:13:58 PM GMT -05:00 Colombia
Subject: Re: phpldapadmin and openldap

--On Tuesday, June 07, 2011 6:01 PM -0500 Juan Diego Calle 
<juandiego.calle@soportelibre.com> wrote:

> Hi,
>
> I have being trying to solve this for more than a month.  I installed
> Openldap, Samba, smbldap-tools, and phpmyadmin in a Red Hat 5.6 server.
> I have many users created with smbldap-tools. Almost everything works,
> there are 2 things that I need help with.  One is with phpldapadmin.  I
> can log with the user administrator, but can not change anything, this is
> the error in phpldapadmin

> dn="uid=Administrator,ou=People,dc=mydomain,dc=com,dc=ec"

> access to * by self write by users read by anonymous read by * none

No where in this ACL do you give the above DN the ability to make changes 
to your database.  I suggest you fix your ACLs.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- Re: phpldapadmin and openldap
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- Re: phpldapadmin and openldap
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Scaling Syncrepl
Next by Date: Re: phpldapadmin and openldap
Index(es):
- Chronological
- Thread