Hello all,
An example user in my LDAP structure is like:
dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: top
givenName: Full
sn: Name
cn: Full Name
uid: fname
userPassword: {MD5}HNtFsPRLE3okNNjVm6lmpw==
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/fname
loginShell: /bin/bash
mail: fname(a)mydomain.com
This user is under group of IT where I want to give him access to add
new entry into the OpenLDAP.
I'm connecting to LDAP server via his details and phpldapadmin and
trying to create a new user but I'm getting the following error:
Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION)
Description: Some constraint would be violated by performing the
action. This can happen when you try to add a second value to a
single-valued attribute, for example.
My ACL's in the master ldap server are:
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=mydomain,dc=com" write
by dn="uid=syncrepl,ou=system,dc=mydomain,dc=com" write
by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com"
write
by dn="uid=authenticate,ou=system,dc=mydomain,dc=com" read
by anonymous auth
by self write
by * none
access to attrs=givenName,sn,cn
by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com"
write
by self write
by users auth
by anonymous auth
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=mydomain,dc=com" write
by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admins,ou=Groups,dc=mydomain,dc=com" write
by * read
I'm also using in this file the overlay unique for attributes uid,mail
and uidNumber in case that this has anything to do.
Any help is much appreciated.
Thanks