Thank you! That worked great (dn.subtree). I had thought I had fixed
it but the state data in my client application had not refreshed properly.
Joshua M. Miller - RHCE,VCP
Hallvard B Furuseth wrote:
Joshua M. Miller writes:
> $ ldapadd -x -H ldaps://ldap-server.example.org
-f add-printer.ldif -D
> "uid=cupsd,ou=people,dc=example,dc=org" -W
> Enter LDAP Password:
> adding new entry "cn=<printer IP>,ou=printers,dc=example,dc=org"
> ldap_add: Insufficient access (50)
> additional info: no write access to entry
See man slapd.access:
The add operation requires write (=w) privileges on the pseudo-
attribute entry of the entry being added, and write (=w) privileges
on the pseudo-attribute children of the entry's parent. When adding
the suffix entry of a database, write access to children of the
empty DN ("") is required.
access to dn="ou=printers,dc=example,dc=org"
by dn.exact="uid=cupsd,ou=people,dc=example,dc=org" write
grants write access to the "children" pseudo-attribute of the parent (as
well as to the rest of the parent). To to grant access to the actual
entries you add, use dn.subtree= instead of dn=. Or maybe another
access statement with something more restrictive, i.e. with dn.children.