[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP permissions question

On 03/19/15 22:33 +0200, Igor Shmukler wrote:
Hello Dieter,

$ sudo ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

I have been trying to delete a record using LDAPI as well as -D
cn=config with a password. I have also added commands olcAccess to
both dn: olcDatabase={0}config,cn=config as well as dn:
olcDatabase={1}hdb,cn=config [DIT] databases.

The result is always the same: ldap_delete: Insufficient access (50)
additional info: no write access to parent

If your goal is to manage your server using EXTERNAL over ldapi:///,
configuring a olcAuthzRegexp is a far simpler approach. Map
'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth' to your rootdn
identity and you'll bypass acl restrictions altogether.
Dan White