ldap_add: Insufficient Access (50)

[Paul Pathiakis <pathiaki2@yahoo.com>]

Hi all,

I'm trying to restore/move a database from one machine to another and start making sure that my client uses all the correct .ldif files.

Now, I've always done a slapcat to an ldif file and used sed in place to modify/remove all the extraneous entries from the dump so I can reload.

Strangely, this doesn't look like it's working this time around.

I get the "Insufficient access (50) additional info: no write access to parent"

Seems obvious that I don't have some type of access at the beginning of the load near the base of the tree.

(After I get this, I'm inundated with ldap_add:  No such object (32) since it wasn't able to write things into a non-existent structure further down)

I see a potential problem in that the tree was originally defined as dc=example,dc=com and, now, everything lives in:  dc=hq,dc=example,dc=com .

Is that the problem?

If so, what's the easiest way around it?

Ldap.conf has:

BASE dc=example,dc=com

Slapd.conf has:

access to attrs=userPassword
   by self         write
   by anonymous    auth

   by dn="uid=syncuser,dc=hq,dc=example,dc=com"       read

   by *    compare

access to attrs=sambaLMPassword,sambaNTPassword

   by dn="uid=syncuser,dc=hq,dc=example,dc=com" read

   by * none

access to *

   by self write
   by * read

access to dn.subtree="dc=hq,dc=example,dc=com"

    by self write

    by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write

    by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write

    by * break

authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"

                "cn=root,dc=hq,dc=example,dc=com"

database        mdb

suffix          "dc=hq,dc=example,dc=com"

rootdn          "cn=root,dc=hq,dc=example,dc=com"

Thank you all!

P.