
Re: what is wrong with my permissions?



Hi Ferenc,

Thank you for your help. I did look at the link, and even tried to
understand the rules earlier. Hence, we see something, albeit poorly
written....
I also appreciate you helping me earlier, when I was just starting
with OpenLDAP.

I want it to be something like:
olcAccess: {1}to * by dn="cn=config" manage

Basically, I want dn=cn=config to have full root access over
everything. I also want this password ideally to be password
protected.

Does it make sense? Can it be done?

Sincerely,

Igor Shmukler



On Thu, Mar 19, 2015 at 2:13 PM, Ferenc Wagner <wferi@niif.hu> wrote:
> Igor Shmukler <igor.shmukler@gmail.com> writes:
>
>> $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
>> SASL/EXTERNAL authentication started
>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> SASL SSF: 0
>> ldap_delete: Insufficient access (50)
>>     additional info: no write access to parent
>>
>> As you suggested, this is not working. Can this work somehow? I would
>> rather just use cn=config with a password, which I am able to set. LDAPI
>> would work too, although it is not my preferred route.
>
> Add your olcAccess rules to the right database.  Or to the frontend
> database.  It's explained in the link I gave you:
> http://www.openldap.org/devel/admin/slapdconf2.html#Access%20Control%20Evaluation
> --
> Regards,
> Feri.
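
Added example, not part of the original thread: one way to follow the advice above and put the rule on the database that actually holds dc=directory,dc=com, so that both the ldapi peer identity shown in the ldapdelete output and a password-protected cn=config bind get manage access. The database name olcDatabase={1}mdb and the password hash are assumptions and placeholders.

```ldif
# Constructed example. Assumptions are marked; adjust before use.
#
# Assumption: the database serving dc=directory,dc=com is olcDatabase={1}mdb.
# Find the real entry first with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config \
#       '(olcSuffix=dc=directory,dc=com)' dn
#
# Assumption: the identity applying this file already has write access to
# cn=config (on many packaged installs that is root over ldapi:///).
# Apply with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f grant-manage.ldif

# 1. Give cn=config a password so it can do a simple bind.
#    cn=config is the default rootdn of the config database, and olcRootPW
#    on that database is its password. Generate the hash with slappasswd
#    and paste it in place of the placeholder.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT

# 2. Put the access rule on the data database, not on cn=config.
#    ACLs are evaluated per database, so a rule stored on another database
#    never applies to entries under dc=directory,dc=com.
#    The {0} prefix inserts the rule ahead of the existing ones; slapd
#    renumbers the rest. "by * break" hands everyone else on to the
#    rules that were already there, so existing access is unchanged.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.exact="cn=config" manage
  by * break
```

To cover every database at once instead, the same olcAccess value can go on olcDatabase={-1}frontend,cn=config, but frontend rules are only consulted after a database's own rules, so an earlier matching rule on the data database still wins.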