Full_Name: Maheshwar Reddy
Version: 2.4.4
OS: CentOS 6.5
URL: ftp://ftp.openldap.org/incoming/Mahesh
Submission from: (NULL) (175.101.6.130)
Dear OpenLDAP Support,
First of all, thank you to the open community; we have been using OpenLDAP for the last 5 years.
Right now we are trying to decommission the older version of OpenLDAP and build a new version. Prior to that we are testing the OpenLDAP functionality, and we observed an issue while configuring it.
We have a Linux team, and they all need LDAP write access. I've created a group and granted LDAP write access to that group. But the people who belong to that group were unable to write the LDIF files.
Information is attached; kindly take a look into it.
Your help would be highly appreciated.
# ldap_writers, access_control, redhot, redhot.com
dn: cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com
cn: ldap_writers
objectClass: organizationalRole
description: Grants full LDAP write access
roleOccupant: uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com
[root@sal-lnx01 ~]# cat grantaccess.ldif
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by group/organizationalRole/roleOccupant="cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com" write
[root@sal-lnx01 ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f grantaccess.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}bdb,cn=config"
[root@sal-lnx01 ~]# slapcat -n0 | tail -n10
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=redhot,dc=com" write by * read
olcAccess: {3}to * by group/organizationalRole/roleOccupant="cn=ldap_writers
 ,ou=access_control,o=redhot,dc=redhot,dc=com" write
olcSuffix: dc=redhot,dc=com
olcRootDN: cn=Manager,dc=redhot,dc=com
entryCSN: 20161017124350.966527Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20161017124350Z
[root@sal-lnx01 ~]# ldapadd -x -W -D uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com -f test.ldif
Enter LDAP Password:
adding new entry "uid=srikanth.reddy,ou=users,o=redhot,dc=redhot,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent
[root@sal-lnx01 ~]# cat test.ldif
# srikanth.reddy, users, redhot.com
dn: uid=srikanth.reddy,ou=users,o=redhot,dc=redhot,dc=com
cn: Maheshwar
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: Maheshwar Reddy
homeDirectory: /home/srikanth.reddy
loginShell: /bin/bash
mail: srikanth.reddy@redhot.com
sn: Reddy
uid: srikanth.reddy
uidNumber: 10001
gidNumber: 1000
userPassword: {SSHA}UQU2j5vBuGqjfTE3x+UlA2Ez1ENHAZ/Q
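The following is an added example, not part of the report above and not OpenLDAP's own code. It is a small Python model of how slapd picks an access directive, following slapd.access(5): the first `to` clause whose target matches wins, then the first matching `by` clause within it; if no `by` clause matches, an implicit `by * none` applies and later `to` clauses are never consulted. The ACL list is the three `olcAccess` values visible in the `slapcat -n0 | tail -n10` output (the `{0}` rule is cut off by `tail` and is assumed not to matter for the parent entry), the directory contents are constructed from the `ldap_writers` entry shown, and the `break`/`continue` control keywords are deliberately not modelled. Running it against the parent `ou=users,...` reproduces the "no write access to parent" result for the group member and shows that the `{3}` rule is unreachable behind the `{2}` rule's `by * read`; the `REORDERED` list shows one way to place the group clause so it is actually evaluated.

```python
"""Toy model of slapd ACL evaluation (first matching 'to', first matching 'by').
Added example; not OpenLDAP code."""
import re

# Privilege ordering used by slapd: a granted level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed directory: only the entries this example needs.
DIRECTORY = {
    "cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com": {
        "objectClass": ["organizationalRole"],
        "roleOccupant": ["uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com"],
    },
    "ou=users,o=redhot,dc=redhot,dc=com": {"objectClass": ["organizationalUnit"]},
}

GROUP_DN = "cn=ldap_writers,ou=access_control,o=redhot,dc=redhot,dc=com"
WRITER = "uid=maheshwar.reddy,ou=users,o=redhot,dc=redhot,dc=com"   # roleOccupant
OTHER = "uid=srikanth.reddy,ou=users,o=redhot,dc=redhot,dc=com"     # not a member
PARENT = "ou=users,o=redhot,dc=redhot,dc=com"                       # parent of the new entry

# Rules as shown by slapcat in the report ({1}..{3}), with the wrapped line re-joined.
AS_SUBMITTED = [
    '{1}to dn.base="" by * read',
    '{2}to * by dn="cn=Manager,dc=redhot,dc=com" write by * read',
    f'{{3}}to * by group/organizationalRole/roleOccupant="{GROUP_DN}" write',
]

# Assumed fix: the group clause sits in the same 'to *' rule, ahead of 'by * read'.
REORDERED = [
    '{1}to dn.base="" by * read',
    f'{{2}}to * by dn="cn=Manager,dc=redhot,dc=com" write '
    f'by group/organizationalRole/roleOccupant="{GROUP_DN}" write by * read',
]

BY_RE = re.compile(r'by\s+(\*|dn="[^"]*"|group/\w+/\w+="[^"]*")\s+(\w+)')

def parse_acl(line):
    """Split 'to <what> by <who> <access> [by ...]' into (what, [(who, access), ...])."""
    line = re.sub(r"^\{\d+\}", "", line.strip())          # drop the {n} ordering prefix
    m = re.match(r'to\s+(\*|dn\.base="[^"]*")\s+(.*)$', line)
    if not m:
        raise ValueError(f"unsupported ACL syntax in this toy: {line}")
    what, rest = m.groups()
    return what, BY_RE.findall(rest)

def what_matches(what, target_dn):
    if what == "*":
        return True
    if what.startswith("dn.base="):
        return target_dn == what[len('dn.base="'):-1]
    return False

def who_matches(who, requester_dn):
    if who == "*":
        return True
    if who.startswith("dn="):
        return requester_dn == who[4:-1]
    m = re.match(r'group/(\w+)/(\w+)="([^"]*)"', who)
    if m:                                                  # group/<objectClass>/<attr>="<dn>"
        oc, attr, group_dn = m.groups()
        entry = DIRECTORY.get(group_dn, {})
        return oc in entry.get("objectClass", []) and requester_dn in entry.get(attr, [])
    return False

def evaluate(acls, requester_dn, target_dn, needed):
    """Return (granted, index of the deciding rule or None)."""
    for idx, acl in enumerate(acls):
        what, clauses = parse_acl(acl)
        if not what_matches(what, target_dn):
            continue
        for who, access in clauses:
            if who_matches(who, requester_dn):
                return LEVELS.index(access) >= LEVELS.index(needed), idx
        return False, idx            # 'to' matched, no 'by' matched: implicit 'by * none'
    return False, None               # nothing matched: default deny

def unreachable_rules(acls):
    """Indexes of rules that can never be consulted: everything after the first
    'to *' rule, since 'to *' matches every target and evaluation stops there."""
    for idx, acl in enumerate(acls):
        if parse_acl(acl)[0] == "*":
            return list(range(idx + 1, len(acls)))
    return []

if __name__ == "__main__":
    print("as submitted, member write on parent:", evaluate(AS_SUBMITTED, WRITER, PARENT, "write"))
    print("as submitted, unreachable rules:", unreachable_rules(AS_SUBMITTED))
    print("reordered, member write on parent:", evaluate(REORDERED, WRITER, PARENT, "write"))
    print("reordered, non-member write on parent:", evaluate(REORDERED, OTHER, PARENT, "write"))
```

The check worth keeping from this is `unreachable_rules`: any `olcAccess` value added after a rule that already says `to * ... by * read` is dead configuration, and a lint like this on `slapcat -n0` output catches it before anyone tests by hand.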