----- "Guillaume CHARDIN" guillaume.chardin@gmail.com wrote:
Hi, I'm a beginner with OpenLDAP and I would like some help with configuring a test directory (for now). I thought I set up the base of the directory correctly, but I encounter some issues with ACLs to delegate rw access to some users/OUs/groups. While I can do anything on the directory with the 'rootdn', I wasn't able to give rw access to another user (admintest) on the directory. To achieve these tasks I use several tools: phpldapadmin, ldapadd, ldapdelete. And every time these tools return an error about the rights of the user I bind to the directory.

Here is an example:

]#ldapdelete -x -D 'uid=admintest,dc=brcorp,dc=local' -W ou=test,dc=brcorp,dc=local
Enter LDAP Password:
ldap_delete: Insufficient access (50)
        additional info: no write access to parent

If I do the same with the rootdn user everything goes fine.
Remember, the rootdn user has full access and bypasses any ACLs, time or search limits you have configured. That's why it's called root ;-)
Gavin.
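
The "no write access to parent" error above means the bound DN lacks write access to the `children` pseudo-attribute of the parent entry (here `dc=brcorp,dc=local`), which slapd requires, together with write access to the entry itself, before it allows a delete. The fragment below is an added example, not part of the original messages: it assumes a slapd.conf-based setup, and the read policy for other users is an assumption the thread does not state.

```conf
# slapd.conf: place inside the database section whose suffix is
# "dc=brcorp,dc=local" (assumed layout; constructed example).
#
# Evaluation order matters: slapd uses the first "access to" clause that
# matches the entry/attribute, then the first "by" clause that matches
# the requester. Every clause ends with an implicit "by * none".

# 1. Password hashes: never readable by ordinary users.
#    Listed first so the broader rule below cannot expose them.
access to attrs=userPassword
    by dn.exact="uid=admintest,dc=brcorp,dc=local" write
    by self write
    by anonymous auth
    by * none

# 2. Delegated administration of the whole tree.
#    dn.subtree includes the suffix entry itself, so admintest gets
#    write on the "children" pseudo-attribute of dc=brcorp,dc=local
#    (needed to add or delete ou=test directly under it) and on the
#    "entry" pseudo-attribute of every entry below it.
access to dn.subtree="dc=brcorp,dc=local"
    by dn.exact="uid=admintest,dc=brcorp,dc=local" write
    by users read        # assumption: authenticated users may read
    by * none            # anonymous gets nothing beyond "auth" above
```

Restart slapd after editing the file. The result can be checked without binding by running `slapacl -f slapd.conf -D "uid=admintest,dc=brcorp,dc=local" -b "dc=brcorp,dc=local" "children/write"`, adjusting the `-f` path to the local configuration.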