[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP permissions question


I have been spamming this list, looking for insights into why I cannot
configure OpenLDAP to use cn=config to delete an entry inside a DIT.

Just now thought of and conducted another experiment. The results
surprised me. If someone can please explain why OpenLDAP behaves this
way, and whether this can be altered through configuration, it would
certainly get me further on my way.

When I try to delete an entry using LDAPI as below:
$ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
ldap_delete: Insufficient access (50)
    additional info: no write access to parent

I do the same using domain administrator credentials and below and it
works fine:
$ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x

Why LDAPI does not work? What can be done?

Thank you,

Igor Shmukler