Le 19/11/2015 19:43, Andrei Valoshyn a écrit :
Hello!
I have slapd 2.4.39 and python 2.6
I tried to create an user via python when I tried do that with root permission - it's OK. But when I did this with config in slapd.conf "access to * by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write"I have an error " ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'} "
I tried to use " l.protocol_version = ldap.VERSION{2,3} " via 389 port
My function for adding ldif is :
l = ldap.initialize(server)
l.simple_bind(username, ldapsrvpassword)
def employeeadd():
        ldif = modlist.addModlist(attrs)
        l.add_s(dn,ldif)

Will be very appreciate for any help

Hello Andrei,

I suppose that the username you use is a member of cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com, but which objectClass did you use in your group? By default, the OpenLDAP ACL system will use groupOfNames, searching user in the member attribute. If you have for example a groupOfUnixNames, you need to set your ACL like this:access to * by group/groupOfUniqueNames/uniqueMember.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write

Hello Clément,
Thank you for reply!
I have groupOfNames and posixGroup objectClass. But at that moment this problem was fixed. The matter of fact Python had some problem. It was reinstalled.
Thank you!

CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.