On 19/11/2015 19:43, Andrei Valoshyn wrote:
Hello! I have slapd 2.4.39 and Python 2.6. I tried to create a user via Python. When I tried to do that with root permission, it's OK. But when I did this with this config in slapd.conf:

    access to * by group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write

I have an error:

    ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'}

I tried to use "l.protocol_version = ldap.VERSION{2,3}" via port 389. My function for adding the LDIF is:

    l = ldap.initialize(server)
    l.simple_bind(username, ldapsrvpassword)

    def employeeadd():
        ldif = modlist.addModlist(attrs)
        l.add_s(dn, ldif)

I would very much appreciate any help.
Hello Andrei,
I suppose that the username you use is a member of cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com, but which objectClass did you use in your group? By default, the OpenLDAP ACL system will use groupOfNames, searching for the user in the member attribute. If you have, for example, a groupOfUnixNames, you need to set your ACL like this:
access to * by group/groupOfUniqueNames/uniqueMember.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write
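
The check described in the reply above, as an added example that is not part of the original thread: it reads a group entry exported as LDIF, picks the matching `by group...` clause, and reports whether the bind DN is listed in the group. The sample entry, the `uid=jdoe` member DN, and all function names are constructed for illustration.

```python
# Added example: choose the slapd "by group..." clause from a group entry's LDIF.
# Assumes unwrapped or space-folded LDIF with no base64 ("::") values.
GROUP_SCHEMAS = {  # lowercased objectClass -> (canonical name, membership attribute)
    "groupofnames": ("groupOfNames", "member"),
    "groupofuniquenames": ("groupOfUniqueNames", "uniqueMember"),
}

# Constructed sample; the uid=jdoe member DN is hypothetical.
SAMPLE_GROUP_LDIF = """\
dn: cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: LDAP_admins
uniqueMember: uid=jdoe,ou=People,dc=exadel,dc=com
"""

def parse_entry(ldif):
    """Return {lowercased attribute: [values]} for a single LDIF entry."""
    entry, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:      # folded continuation line
            entry[last][-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            entry.setdefault(last, []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN comparison: ignores case and spaces after commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_acl_clause(group_ldif, bind_dn, access="write"):
    """Return (by-clause for slapd.conf, whether bind_dn is listed in the group)."""
    entry = parse_entry(group_ldif)
    classes = set(c.lower() for c in entry.get("objectclass", []))
    for key, (oc, attr) in GROUP_SCHEMAS.items():
        if key in classes:
            break
    else:
        raise ValueError("entry is neither groupOfNames nor groupOfUniqueNames")
    group_dn = entry["dn"][0]
    members = set(norm_dn(m) for m in entry.get(attr.lower(), []))
    if oc == "groupOfNames":                   # slapd's default class/attribute
        who = 'group.exact="%s"' % group_dn
    else:
        who = 'group/%s/%s.exact="%s"' % (oc, attr, group_dn)
    return "by %s %s" % (who, access), norm_dn(bind_dn) in members
```

If the second return value is False, the ACL will not grant the bind DN write access regardless of which clause form is used.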