[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: what is wrong with my permissions?

Hi Ferenc,

Thank you for help. I did look at the link, and even tried to
understand rules earlier. Hence, we see albeit poorly written
I also appreciate you helping me earlier, when I was just starting
with OpenLDAP.

I want it to be something like:
olcAccess: {1}to * by dn="cn=config" manage

Basically, I want dn=cn=config to have full root access over
everything. I also want this password ideally to be password

Does it make sense? Can it be done?


Igor Shmukler

On Thu, Mar 19, 2015 at 2:13 PM, Ferenc Wagner <wferi@niif.hu> wrote:
> Igor Shmukler <igor.shmukler@gmail.com> writes:
>> $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
>> SASL/EXTERNAL authentication started
>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> SASL SSF: 0
>> ldap_delete: Insufficient access (50)
>>     additional info: no write access to parent
>> As you suggested, this is not working. Can this work somehow? I would
>> rather just cn=config with a password, which I am able to set. LDAPI
>> is work too, although not my preferred route.
> Add your olcAccess rules to the right database.  Or to the frontend
> database.  It's explained in the link I gave you:
> http://www.openldap.org/devel/admin/slapdconf2.html#Access%20Control%20Evaluation
> --
> Regards,
> Feri.