Hi Dieter,

I am already doing this, using PHP.


With the admin user I can easily change the RDN, e.g.

cn=Umar Draz,ou=accounts,dc=mydomain,dc=com

But if I try with the Umar Draz user's login, then the user is unable to change the (dn), e.g. I want to change the old cn to the new one:

cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com.

So I am sure there is something missing in slapd.conf regarding the access policy.



On Sat, Dec 28, 2013 at 1:58 PM, Dieter Klünter <dieter@dkluenter.de> wrote:
On Sat, 28 Dec 2013 07:21:59 +0000, Umar Draz <unix.co@gmail.com> wrote:

> Hi
> I am trying to rename the (dn) entry through a normal user which
> first authenticates itself, but there is an error while renaming
> the dn entry:
> text=no write access to old parent's children
> Here are my slapd.conf access settings.
> # Sample access control policy:
> access to attrs=userPassword,shadowLastChange
>         by self write
>         by dn="cn=admin,dc=mydomain,dc=com" write
>         by * auth
> access to *
>         by self write
>         by dn="cn=admin,dc=mydom,dc=com" write
>         by * read
> Would you please help? What do I need to set?

The last rule allows write operations on one's own entry, but in order
to modify an RDN, write operations on a parent entry are required; see
ldapmodrdn(1) for more information.


Dieter Klünter | Systemberatung
GPG Key ID:DA147B05

Umar Draz
Network Architect
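
The slapd.conf fragment below is an added example, not part of the original thread or of either poster's configuration: it keeps the posted rules and inserts, ahead of the catch-all rule, one rule for the `children` pseudo-attribute of the parent entry, which is what the error "no write access to old parent's children" refers to. It assumes all accounts sit directly under ou=accounts,dc=mydomain,dc=com and that the admin DN is cn=admin,dc=mydomain,dc=com in every rule.

```conf
# Added example. slapd stops at the first "access to" clause that matches
# the target, so the narrow rules must come before "access to *".

access to attrs=userPassword,shadowLastChange
        by self write
        by dn="cn=admin,dc=mydomain,dc=com" write
        by * auth

# Rename within the same container: modrdn checks the "children"
# pseudo-attribute of the old and the new parent (here the same entry).
# dn.base limits the rule to the container entry itself and attrs=children
# limits it to that pseudo-attribute, so the container's own attributes
# are still governed by the catch-all rule below.
access to dn.base="ou=accounts,dc=mydomain,dc=com" attrs=children
        by dn="cn=admin,dc=mydomain,dc=com" write
        by users write
        by * read

# Catch-all. "by self write" covers the "entry" pseudo-attribute and the
# naming attribute (cn) of the user's own entry, which modrdn also checks.
# No other user's entry matches "self", so a user cannot rename another
# account, and a not-yet-existing DN never matches "self", so the rule
# above does not let ordinary users add new entries.
access to *
        by self write
        by dn="cn=admin,dc=mydomain,dc=com" write
        by * read
```

With "by self write" on the whole entry and write on the parent's `children`, a user can also delete their own entry; if that is not wanted, the catch-all rule needs to be narrowed accordingly.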