On 03/19/15 22:33 +0200, Igor Shmukler wrote:
Hello Dieter,
$ sudo ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
I have been trying to delete a record using LDAPI as well as -D cn=config with a password. I have also added commands olcAccess to both dn: olcDatabase={0}config,cn=config as well as dn: olcDatabase={1}hdb,cn=config [DIT] databases.
The result is always the same:
ldap_delete: Insufficient access (50)
        additional info: no write access to parent
If your goal is to manage your server using EXTERNAL over ldapi:///, configuring an olcAuthzRegexp is a far simpler approach. Map 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth' to your rootdn identity and you'll bypass ACL restrictions altogether.
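As an added illustration (not part of the thread or of OpenLDAP's own code), the Python below models how slapd applies olcAuthzRegexp rules to the SASL authentication DN and emits the LDIF that adds such a rule to cn=config. The rootdn values `cn=admin,cn=config` and `cn=admin,dc=example,dc=com` are assumptions; substitute the olcRootDN of the database you want to manage. The non-root peercred DN (`uidNumber=1000`) is a constructed input used to show why the match should be anchored and the `+` escaped.

```python
import re

# Constructed inputs: the SASL auth DN slapd derives for a root-owned
# ldapi:/// connection (as shown in the thread) and for a non-root one.
ROOT_PEERCRED = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
USER_PEERCRED = "gidNumber=1000+uidNumber=1000,cn=peercred,cn=external,cn=auth"

# Hypothetical rootdn identities; replace with your own olcRootDN values.
CONFIG_ROOTDN = "cn=admin,cn=config"
DIT_ROOTDN = "cn=admin,dc=example,dc=com"

# Strict rule: only uid 0 / gid 0 over ldapi becomes the rootdn.
# '+' is a regex metacharacter, so it is escaped; ^ and $ anchor the match.
STRICT_PATTERN = r"^gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth$"

# Overly broad rule for comparison: every local user over ldapi would match
# and be granted the rootdn identity.
BROAD_PATTERN = r"^gidNumber=[0-9]+\+uidNumber=[0-9]+,cn=peercred,cn=external,cn=auth$"


def authz_map(auth_dn, rules):
    """Model of slapd's olcAuthzRegexp processing.

    Rules are tried in order; the first regex that matches the SASL auth DN
    wins, and $1..$9 in its replacement are filled from the capture groups.
    When no rule matches, the auth DN is used unchanged, which is the
    situation in the thread: the raw peercred DN has no ACL granting write.
    (Python's re is used in place of slapd's POSIX extended regex; for the
    patterns above the behaviour is the same.)
    """
    for pattern, replacement in rules:
        m = re.match(pattern, auth_dn)
        if m:
            out = replacement
            for i, group in enumerate(m.groups(), start=1):
                out = out.replace(f"${i}", group)
            return out
    return auth_dn


def authz_regexp_ldif(pattern, rootdn):
    """LDIF that adds one olcAuthzRegexp rule to the global cn=config entry.

    Apply it over the same socket with:
        ldapmodify -Y EXTERNAL -H ldapi:/// -f rule.ldif
    Afterwards `ldapwhoami -Y EXTERNAL -H ldapi:///` should report the
    rootdn instead of the peercred DN.
    """
    return "\n".join([
        "dn: cn=config",
        "changetype: modify",
        "add: olcAuthzRegexp",
        f"olcAuthzRegexp: {pattern} {rootdn}",
        "",
    ])


if __name__ == "__main__":
    rules = [(STRICT_PATTERN, CONFIG_ROOTDN)]
    print("root over ldapi  ->", authz_map(ROOT_PEERCRED, rules))
    print("uid 1000 (strict)->", authz_map(USER_PEERCRED, rules))
    print("uid 1000 (broad) ->", authz_map(USER_PEERCRED, [(BROAD_PATTERN, CONFIG_ROOTDN)]))
    print(authz_regexp_ldif(STRICT_PATTERN, CONFIG_ROOTDN))
```

Because only the first matching rule is applied, keep the rule that maps to a rootdn as narrow as the strict pattern above; the broad pattern is shown only to make visible that a loose regex hands the rootdn identity to any local account that can reach the ldapi socket.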