[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP permissions question

Am Wed, 18 Mar 2015 23:28:35 +0200
schrieb Igor Shmukler <igor.shmukler@gmail.com>:

> Hello,
> I have been spamming this list, looking for insights into why I cannot
> configure OpenLDAP to use cn=config to delete an entry inside a DIT.
> Sorry.
> Just now thought of and conducted another experiment. The results
> surprised me. If someone can please explain why OpenLDAP behaves this
> way, and whether this can be altered through configuration, it would
> certainly get me further on my way.
> When I try to delete an entry using LDAPI as below:
> $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
> ldap_delete: Insufficient access (50)
>     additional info: no write access to parent
> I do the same using domain administrator credentials and below and it
> works fine:
> $ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x
> cn=john,dc=directory,dc=com
> Why LDAPI does not work? What can be done?

probably because of unsufficient authz-regexp ?

What is the result of ldapwhoami -Y EXTERNAL -H ldapi:///
or sudo ldapwhoami -Y EXTERNAL -H ldapi:///


Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B