Hi Ferenc,
Thank you for your help. I did look at the link, and even tried to understand the rules earlier. Hence, we see something, albeit poorly written.... I also appreciate you helping me earlier, when I was just starting with OpenLDAP.
I want it to be something like:
olcAccess: {1}to * by dn="cn=config" manage
Basically, I want dn=cn=config to have full root access over everything. I also want this password ideally to be password protected.
Does it make sense? Can it be done?
Sincerely,
Igor Shmukler
On Thu, Mar 19, 2015 at 2:13 PM, Ferenc Wagner <wferi@niif.hu> wrote:
Igor Shmukler <igor.shmukler@gmail.com> writes:
$ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_delete: Insufficient access (50)
        additional info: no write access to parent
As you suggested, this is not working. Can this work somehow? I would rather just use cn=config with a password, which I am able to set. LDAPI works too, although it is not my preferred route.
Add your olcAccess rules to the right database. Or to the frontend database. It's explained in the link I gave you:
http://www.openldap.org/devel/admin/slapdconf2.html#Access%20Control%20Evalu...
--
Regards,
Feri.