Re: ACL Assistance Requested

Joshua M. Miller writes: > $ ldapadd -x -H ldaps://ldap-server.example.org -f add-printer.ldif -D > "uid=cupsd,ou=people,dc=example,dc=org" -W > Enter LDAP Password: > adding new entry "cn=<printer IP>,ou=printers,dc=example,dc=org" > ldap_add: Insufficient access (50) > additional info: no write access to entry See man slapd.access: The add operation requires write (=w) privileges on the pseudo- attribute entry of the entry being added, and write (=w) privileges on the pseudo-attribute children of the entry's parent. When adding the suffix entry of a database, write access to children of the empty DN ("") is required. Your statement access to dn="ou=printers,dc=example,dc=org" by dn.exact="uid=cupsd,ou=people,dc=example,dc=org" write (...) grants write access to the "children" pseudo-attribute of the parent (as well as to the rest of the parent). To to grant access to the actual entries you add, use dn.subtree= instead of dn=. Or maybe another access statement with something more restrictive, i.e. with dn.children.