HI Dieter,

I am already doing this, using php

ldap_rename()

with admin user I can easily change the RDN e.g.

cn=Umar Draz,ou=accounts,dc=mydomain,dc=com

But if I try with Umar Draz user's login then then the user unable to change the (dn) e.g I want to change the old cn with new one.

cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com.

So i must sure there is something missing in slapd.conf regarding access policy.

Br.

Umar

On Sat, Dec 28, 2013 at 1:58 PM, Dieter Klünter <dieter@dkluenter.de> wrote:

Am Sat, 28 Dec 2013 07:21:59 +0000
schrieb Umar Draz <unix.co@gmail.com>:

> Hi
>
> I am trying to rename the (dn) entry through a normal user which is
> first authenticate it self, but I there is an error while renaming
> the dn entry
>
> text=no write access to old parent's children
>
> here is my slapd.conf access settings.
>
> # Sample access control policy:
> access to attrs=userPassword,shadowLastChange
> by self write
> by dn="cn=admin,dc=mydomain,dc=com" write
> by * auth
>
> access to *
> by self write
> by dn="cn=admin,dc=mydom,dc=com" write
> by * read
>
> Would you please help, what I need to set?

The last rule allows write operations on one's own entry, but in order
to modify a RDN write operations on a parent entry is required, see
ldapmodrdn(1) for more information.

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

--
Umar Draz
Network Architect