On 27.10.23 at 09:51, Alejandro Imass wrote:
Thank you for answering my question, comments below:
On Thu, Oct 26, 2023 at 10:52 PM Uwe Sauter <uwe.sauter.de@gmail.com> wrote:
When comparing the LDIF you used to initialize with the slapcat output, what I can see is that you have no distinct definition of olcDatabase={0}config,cn=config. I suspect that OpenLDAP then used default values, including the "to * by * none" ACL.
None of the docs or any examples show how to set up a specific section for olcDatabase={0}config,cn=config, not even the default LDIF file that comes with the distribution.
Having olcDatabase={0}config,cn=config in the original LDIF which you use to initialize the LDAP server is usually a good idea because you can do configuration there that you otherwise would need to modify later on.
Try the following (and replace with the correct URL):
$ ldifmodify -x -H ldap://localhost/ -D cn=config -W << EOF
> dn: olcDatabase={0}config,cn=config
> changetype: modify
> add: olcRootPW
> olcRootPW: {SSHA}cZbRoOhRew8MBiWGSEOiFX0XqbAQwXUr
> EOF
What is ldifmodify?
I meant to write ldapmodify…
Thank you for this, I have saved it to my cheat sheet!
Glad you solved the issue. You're welcome.
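
The comparison discussed in this thread (does the initialization LDIF define olcDatabase={0}config,cn=config, and does that entry carry olcRootPW and olcAccess?) can be scripted. The following is an added example, not part of the original messages; the function names, the finding strings and the sample LDIF (including the placeholder hash and the ACL line) are constructed for illustration.

```python
import base64

CONFIG_DN = "olcdatabase={0}config,cn=config"

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_config_db(text):
    """Return findings for the config database entry (empty list = nothing to report)."""
    for entry in parse_ldif(text):
        if entry.get("dn", [""])[0].replace(" ", "").lower() != CONFIG_DN:
            continue
        findings = []
        if "olcrootpw" not in entry:
            findings.append("no olcRootPW on the config database")
        if "olcaccess" not in entry:
            findings.append("no olcAccess on the config database")
        if any(not pw.startswith("{") for pw in entry.get("olcrootpw", [])):
            findings.append("olcRootPW is not a {SCHEME} hash")
        return findings
    return ["no olcDatabase={0}config,cn=config entry in this LDIF"]

# Constructed sample inputs (not taken from the thread).
HASH = "{SSHA}constructed-placeholder"
INIT_WITHOUT = ("dn: cn=config\nobjectClass: olcGlobal\ncn: config\n\n"
                "dn: olcDatabase={1}mdb,cn=config\nolcSuffix: dc=example,dc=org\n")
INIT_WITH = (INIT_WITHOUT + "\ndn: olcDatabase={0}config,cn=config\n"
             "olcRootPW:: " + base64.b64encode(HASH.encode()).decode() + "\n"
             "olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,\n"
             " cn=external,cn=auth manage by * none\n")

if __name__ == "__main__":
    for name, ldif in (("without", INIT_WITHOUT), ("with", INIT_WITH)):
        print(name, check_config_db(ldif))
```

Run it against both the LDIF used for initialization and the slapcat output to see where the two differ for the config database.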