Hello,
(I'm not an LDAP guru - sorry for the lame question(s))
I'd like to make an addressbook in LDAP (for mail clients, as a first step for my RoundCube). The server is Debian 7.9, slapd 2.4.31 (OpenLDAP). After the successful installation, I've created a subtree for the addressbook:

dn: ou=rcabook,dc=mydomain,dc=com
ou: rcabook
objectClass: top
objectClass: organizationalUnit

dn: ou=public,ou=rcabook,dc=mydomain,dc=com
ou: public
objectClass: top
objectClass: organizationalUnit

dn: ou=private,ou=rcabook,dc=mydomain,dc=com
ou: private
objectClass: top
objectClass: organizationalUnit

and a regular user for RoundCube:

dn: cn=rcuser,ou=rcabook,dc=mydomain,dc=com
cn: rcuser
objectClass: organizationalRole
objectClass: simpleSecurityObject
userPassword:: e1f2g3....x3y2z1

But when I want to make a new entry as rcuser, I get this error:

ldapadd -f entry.ldif -D cn=rcuser,ou=rcabook,dc=mydomain,dc=com -W
Enter LDAP Password:
adding new entry "cn=DOMAIN IT,ou=public,ou=rcabook,dc=mydomain,dc=com"
ldap_add: Insufficient access (50)
        additional info: no write access to parent

The ou=public,ou=rcabook subtree has special access in the config:

# slapcat -n0
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=mydomain,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=mydomain,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=mydomain,dc=com" write by * read
olcAccess: {3}to dn.subtree="ou=public,ou=rcabook,dc=mydomain,dc=com" by users writ
 e
olcLastMod: TRUE
...

Which privileges do I need to add so that all users can add entries to the subtree?
Thanks,
a.
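
An added example, not part of the original post: a simplified model of how slapd walks the olcAccess list shown above (the first matching "to" clause decides, then the first matching "by" clause, with an implicit "by * none"), showing that rule {2} "to *" is reached before rule {3}. The function names and the reordered FIXED list are assumptions for illustration, and only the clause forms that appear in the post are modelled.

```python
import re
# olcAccess values from the post, with the folded LDIF lines joined.
ACCESS = [
    '{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth'
    ' by dn="cn=admin,dc=mydomain,dc=com" write by * none',
    '{1}to dn.base="" by * read',
    '{2}to * by dn="cn=admin,dc=mydomain,dc=com" write by * read',
    '{3}to dn.subtree="ou=public,ou=rcabook,dc=mydomain,dc=com" by users write',
]
FIXED = ACCESS[:2] + [ACCESS[3], ACCESS[2]]  # assumed order: subtree rule before "to *"
LEVELS = ["none", "auth", "read", "write"]   # subset of slapd's access levels

def parse(rule):
    what, *by = re.split(r"\s+by\s+", re.sub(r"^\{\d+\}to\s+", "", rule))
    return what, [tuple(clause.split()) for clause in by]

def what_matches(what, dn, attr):
    key, _, val = what.partition("=")
    val = val.strip('"').lower()
    return (what == "*" or (key == "attrs" and attr.lower() in val.split(","))
            or (key == "dn.base" and dn == val)
            or (key == "dn.subtree" and (dn == val or dn.endswith("," + val))))

def who_matches(who, bind, dn):
    return (who == "*" or (who == "self" and bind == dn != "")
            or (who == "anonymous" and bind == "")
            or (who == "users" and bind != "")
            or (who.startswith("dn=") and bind == who[3:].strip('"').lower()))

def decide(rules, bind, dn, attr):
    """Return (position of the rule that decided, access level granted)."""
    bind, dn = bind.lower(), dn.lower()
    for pos, rule in enumerate(rules):
        what, by = parse(rule)
        if what_matches(what, dn, attr):
            for who, level in by:
                if who_matches(who, bind, dn):
                    return pos, level
            return pos, "none"   # implicit trailing "by * none"
    return None, "none"          # implicit final "to * by * none"

def can_add(rules, bind, parent_dn):
    """ldapadd needs write on the parent's "children" pseudo-attribute."""
    level = decide(rules, bind, parent_dn, "children")[1]
    return LEVELS.index(level) >= LEVELS.index("write")

RCUSER = "cn=rcuser,ou=rcabook,dc=mydomain,dc=com"
PUBLIC = "ou=public,ou=rcabook,dc=mydomain,dc=com"
for name, rules in (("as posted", ACCESS), ("reordered", FIXED)):
    print(name, decide(rules, RCUSER, PUBLIC, "children"), can_add(rules, RCUSER, PUBLIC))
```

In the reordered list the moved rule has no "by * read", so an anonymous bind ends at the implicit "by * none" for the public subtree.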