Hello Dieter,
$ sudo ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
I have been trying to delete a record using LDAPI as well as -D cn=config with a password. I have also added olcAccess commands to both the dn: olcDatabase={0}config,cn=config and the dn: olcDatabase={1}hdb,cn=config [DIT] databases.
The result is always the same:
ldap_delete: Insufficient access (50)
        additional info: no write access to parent
Sincerely,
Igor Shmukler
On Thu, Mar 19, 2015 at 10:13 PM, Dieter Klünter dieter@dkluenter.de wrote:
On Wed, 18 Mar 2015 23:28:35 +0200, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello,
I have been spamming this list, looking for insights into why I cannot configure OpenLDAP to use cn=config to delete an entry inside a DIT. Sorry.
I just now thought of and conducted another experiment. The results surprised me. If someone can please explain why OpenLDAP behaves this way, and whether this can be altered through configuration, it would certainly get me further on my way.
When I try to delete an entry using LDAPI as below:
$ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
ldap_delete: Insufficient access (50)
        additional info: no write access to parent
I do the same using domain administrator credentials as below and it works fine:
$ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x cn=john,dc=directory,dc=com
Why does LDAPI not work? What can be done?
Probably because of insufficient authz-regexp?
What is the result of
ldapwhoami -Y EXTERNAL -H ldapi:///
or
sudo ldapwhoami -Y EXTERNAL -H ldapi:///
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E