On Tue, Jul 01, 2008 at 02:05:00PM -0700, david stackis wrote:
I added the ACL's you suggested. First I tried... access to "ou=addressbook,dc=Company,dc=com" by users write by * read
access to * by * read
Sorry - that first line should have specified dn.subtree:
access to dn.subtree="ou=addressbook,dc=Company,dc=com" by users write by * read
access to * by * read
You should keep the 'access' keyword hard against the left margin: leading white space indicates continuation lines.
When I used ldapadd I received this error...
ldapadd -D "cn=Elliott Smith,ou=addressbook,dc=Company,dc=com" -f contact.ldif2 Enter bind password: adding new entry cn=Nick Drake,ou=addressbook,dc=Company,dc=com Enter bind password: ldap_simple_bind: Invalid credentials
No surprise there - you did not load anything called "cn=Elliott Smith,ou=addressbook,dc=Company,dc=com" so you cannot authenticate as it.
I then tried is using "ou=users" like this...
ldapadd -D "cn=Elliott Smith,ou=users,dc=Company,dc=com" -f contact.ldif2 Enter bind password: adding new entry cn=Nick Drake,ou=addressbook,dc=Company,dc=com ldap_add: Insufficient access ldap_add: additional info: no write access to parent
Fixed by new version above.
# # Define individual users # dn: cn=Elliott Smith,ou=users,dc=company,dc=com objectclass: top objectclass: person cn: Elliott Smith sn: Smith userPassword: mysecret uid: esmith
That won't load, as uid is not in the person object class: you need inetOrgPerson for that.
Andrew