[LUNI] LDAP write access
lists at redboy.cx
Wed Aug 30 13:27:44 CDT 2006
Sort of tangentially related to my earlier mailserver questions, I'm trying to set up personal addressbooks in an LDAP database, and I'm running into permissions issues. Eventually, I want to use regexes to match users to their own ou, but for now I have:
access to dn="ou=sten,ou=contacts,dc=redboy,dc=cx"
        by dn="uid=sten,ou=users,dc=redboy,dc=cx" write
        by * none
in my slapd.conf, but when I try adding an entry, I get an error saying "Insufficient access:"
sten@fenris2:~$ ldapadd -D uid=sten,ou=users,dc=redboy,dc=cx -W -x -v -f test
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
the world's most famous mythical manager
bjensen@example.com
adding new entry "cn=Barbara Jensen,ou=sten,ou=contacts,dc=redboy,dc=cx"
ldap_add: Insufficient access (50)
additional info: no write access to parent
I've tried "access to dn.subtree" and a bunch of other permutations inspired by the manpage for slapd.access, all with the same error; can anyone tell me what I'm missing?
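An added example, not part of the original post and not slapd's code: a simplified Python model of the two checks slapd.access(5) documents for an add (write on the parent's `children` and on the new entry's `entry`), combined with first-match rule ordering. The DNs come from the post; the function names, the rule lists and the `SHADOWED` ordering are constructed assumptions and say nothing about what the poster's full slapd.conf contains.

```python
# Simplified model of slapd ACL evaluation for an LDAP add; not slapd's code.
# Assumptions: no escaped commas in DNs, no attrs= part, <who> is a DN or "*".

def norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def parent(dn):
    return norm(dn).split(",", 1)[1]

def what_matches(scope, base, dn):
    base, dn = norm(base), norm(dn)
    if scope == "all":                      # access to *
        return True
    if scope == "base":                     # dn.base / dn.exact
        return dn == base
    if scope == "subtree":                  # dn.subtree
        return dn == base or dn.endswith("," + base)
    raise ValueError(scope)

def level_for(rules, bind_dn, target_dn):
    """First matching <what> wins; within it, the first matching <who> wins."""
    for scope, base, by_clauses in rules:
        if what_matches(scope, base, target_dn):
            for who, level in by_clauses:
                if who == "*" or norm(who) == norm(bind_dn):
                    return level
            return "none"                   # implicit trailing "by * none"
    return "none"                           # implicit "access to * by * none"

def can_add(rules, bind_dn, new_dn):
    """Add needs write on 'children' of the parent and on 'entry' of the new DN."""
    if level_for(rules, bind_dn, parent(new_dn)) != "write":
        return (False, "no write access to parent")
    if level_for(rules, bind_dn, new_dn) != "write":
        return (False, "no write access to entry")   # wording is this model's
    return (True, "ok")

# DNs are the ones in the post; the rule lists are constructed for the example.
USER = "uid=sten,ou=users,dc=redboy,dc=cx"
BOOK = "ou=sten,ou=contacts,dc=redboy,dc=cx"
NEW = "cn=Barbara Jensen," + BOOK
OWNER = [(USER, "write"), ("*", "none")]
BASE_ONLY = [("base", BOOK, OWNER)]          # covers ou=sten only, not its children
SUBTREE = [("subtree", BOOK, OWNER)]         # covers ou=sten and everything below
SHADOWED = [("all", "", [("*", "read")]), ("subtree", BOOK, OWNER)]  # broad rule first

if __name__ == "__main__":
    for name, rules in [("base", BASE_ONLY), ("subtree", SUBTREE), ("shadowed", SHADOWED)]:
        print(name, can_add(rules, USER, NEW))
```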