[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: write access issue
Am Sat, 28 Dec 2013 20:48:45 +0500
schrieb Umar Draz <unix.co@gmail.com>:
> HI Dieter,
>
> I am already doing this, using php
>
> ldap_rename()
>
> with admin user I can easily change the RDN e.g.
>
> cn=Umar Draz,ou=accounts,dc=mydomain,dc=com
>
> But if I try with Umar Draz user's login then then the user unable to
> change the (dn) e.g I want to change the old cn with new one.
>
> cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com.
>
> So i must sure there is something missing in slapd.conf regarding
> access policy.
rootdn is not an object do any access rule, rootdn is 'root'!
As I mentioned already, as user you must have write access to the parent
entry.
-Dieter
>
> On Sat, Dec 28, 2013 at 1:58 PM, Dieter KlÃnter <dieter@dkluenter.de>
> wrote:
>
> > Am Sat, 28 Dec 2013 07:21:59 +0000
> > schrieb Umar Draz <unix.co@gmail.com>:
> >
> > > Hi
> > >
> > > I am trying to rename the (dn) entry through a normal user which
> > > is first authenticate it self, but I there is an error while
> > > renaming the dn entry
> > >
> > > text=no write access to old parent's children
> > >
> > > here is my slapd.conf access settings.
> > >
> > > # Sample access control policy:
> > > access to attrs=userPassword,shadowLastChange
> > > by self write
> > > by dn="cn=admin,dc=mydomain,dc=com" write
> > > by * auth
> > >
> > > access to *
> > > by self write
> > > by dn="cn=admin,dc=mydom,dc=com" write
> > > by * read
> > >
> > > Would you please help, what I need to set?
> >
> > The last rule allows write operations on one's own entry, but in
> > order to modify a RDN write operations on a parent entry is
> > required, see ldapmodrdn(1) for more information.
> >
> > -Dieter
> >
> > --
> > Dieter KlÃnter | Systemberatung
> > http://dkluenter.de
> > GPG Key ID:DA147B05
> > 53Â37'09,95"N
> > 10Â08'02,42"E
> >
> >
>
>
--
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E