Great!!! it worked!!! I know I have this setup fairly simple...but it's a good start.
Thanks so much, Andrew Cheers~
--On Wednesday, July 2, 2008 10:08 AM +0100 Andrew Findlay andrew.findlay@skills-1st.co.uk wrote:
On Tue, Jul 01, 2008 at 02:05:00PM -0700, david stackis wrote:
I added the ACL's you suggested. First I tried... access to "ou=addressbook,dc=Company,dc=com" by users write by * read
access to * by * read
Sorry - that first line should have specified dn.subtree:
access to dn.subtree="ou=addressbook,dc=Company,dc=com" by users write by * read
access to * by * read
You should keep the 'access' keyword hard against the left margin: leading white space indicates continuation lines.
When I used ldapadd I received this error...
ldapadd -D "cn=Elliott Smith,ou=addressbook,dc=Company,dc=com" -f contact.ldif2 Enter bind password: adding new entry cn=Nick Drake,ou=addressbook,dc=Company,dc=com Enter bind password: ldap_simple_bind: Invalid credentials
No surprise there - you did not load anything called "cn=Elliott Smith,ou=addressbook,dc=Company,dc=com" so you cannot authenticate as it.
I then tried is using "ou=users" like this...
ldapadd -D "cn=Elliott Smith,ou=users,dc=Company,dc=com" -f contact.ldif2 Enter bind password: adding new entry cn=Nick Drake,ou=addressbook,dc=Company,dc=com ldap_add: Insufficient access ldap_add: additional info: no write access to parent
Fixed by new version above.
# # Define individual users # dn: cn=Elliott Smith,ou=users,dc=company,dc=com objectclass: top objectclass: person cn: Elliott Smith sn: Smith userPassword: mysecret uid: esmith
That won't load, as uid is not in the person object class: you need inetOrgPerson for that.
Andrew
| From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 |
------------------- david stackis uc santa barbara phone: 805-893-8286 http://isc.ucsb.edu