Dan,
I followed the instructions to update my config file but still I get the same error. I used the debug option as well but there was no obvious error message beyond:

----
** ld 0x7f3c527864b0 Outstanding Requests:
 * msgid 2, origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f3c527864b0 request count 1 (abandoned 0)
** ld 0x7f3c527864b0 Response Queue:
   Empty
  ld 0x7f3c527864b0 response count 0
ldap_chkResponseList ld 0x7f3c527864b0 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f3c527864b0 NULL
ldap_int_select
read1msg: ld 0x7f3c527864b0 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 37 contents:
read1msg: ld 0x7f3c527864b0 msgid 2 message type add
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f3c527864b0 0 new referrals
read1msg: mark request completed, ld 0x7f3c527864b0 msgid 2
request done: ld 0x7f3c527864b0 msgid 2
res_errno: 50, res_error: <no write access to parent>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_add: Insufficient access (50)
        additional info: no write access to parent
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed
---
Any hints I can figure out what's set wrong?
Thanks Ali
On 02/07/2014 03:17 PM, Dan White wrote:
On 02/07/14 14:39 +0100, Ali Gholami wrote:
Thanks Vikas for the reply.
I removed the line to point to the "slapd.conf" and now I could run the service. But I get another error when I try to add structure of the entries using:
$ sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f structure.ldif
This is likely performing sasl external peercred authentication, rather than your desired external tls authentication as you intended below.
adding new entry "dc=x,dc=y"
ldap_add: Insufficient access (50) additional info: no write access to parent
I've created the ".ldaprc" in my home directory which defines the X.509 certificates of the LDAP server and I've added the subject of the host certificate in the "slapd.conf":
access to *
        by dn="cn=admin,dc=x,dc=y" write
        by dn="cn=allowed host,dc=x,dc=y" read
        by * none

authz-regexp CN=ldap.biobankcloud.eu,O=BBC "cn=admin,dc=biobankcloud,dc=org"

database bdb
suffix "dc=x,dc=y"
rootdn "cn=admin,dc=x,dc=y"
rootpw {SSHA}blabla...
Is there anything else that I should set or something broken?
Do:
sudo ldapwhoami -Y EXTERNAL -H ldapi:///
to obtain your resolved authentication identity, and create an appropriate authz-regexp rule that maps that identity to your desired user, e.g.:
authz-regexp "uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=biobankcloud,dc=org"
See: http://www.openldap.org/doc/admin24/sasl.html
-- Dan White
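To see why the ldapi:/// bind above ends in "Insufficient access (50)" while the TLS rule looks right, here is an added Python model (not from this thread or from OpenLDAP itself) of how slapd walks authz-regexp rules and then the ACL from the thread. It assumes anchored, case-insensitive, first-match-wins regex matching with $n group substitution, uses the anonymised dc=x,dc=y DNs, and the PEERCRED, TLS_SUBJECT and "uid=...,cn=auth" identities are constructed samples.

```python
import re

# Constructed authz-regexp rules, in slapd.conf order: (pattern, replacement).
# Ali's TLS-subject rule alone, then the same plus Dan's peercred rule and a
# capture-group rule in the style of the admin guide (constructed).
AUTHZ_TLS_ONLY = [
    (r"CN=ldap\.biobankcloud\.eu,O=BBC", "cn=admin,dc=x,dc=y"),
]
AUTHZ_FIXED = AUTHZ_TLS_ONLY + [
    (r"uidNumber=0,cn=peercred,cn=external,cn=auth", "cn=admin,dc=x,dc=y"),
    (r"uid=([^,]+),cn=[^,]+,cn=auth", "uid=$1,ou=people,dc=x,dc=y"),
]

# The ACL from the thread: the first matching 'by' clause wins, then 'by * none'.
ROOTDN = "cn=admin,dc=x,dc=y"
ACL = [("cn=admin,dc=x,dc=y", "write"), ("cn=allowed host,dc=x,dc=y", "read")]


def map_authz(identity, rules):
    """Return the DN slapd would use for a SASL identity.
    Assumption: the regex must match the whole identity, case-insensitively,
    and the first matching rule wins; $1..$9 come from capture groups."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, identity, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return identity  # no rule matched: the raw SASL name is used as-is


def access_level(dn):
    """Simplified ACL walk: rootdn bypasses ACLs, otherwise first 'by' match wins."""
    if dn.lower() == ROOTDN.lower():
        return "write"
    for by_dn, level in ACL:
        if dn.lower() == by_dn.lower():
            return level
    return "none"  # the trailing 'by * none' -> "no write access to parent"


def can_add_entry(identity, rules):
    """True when ldapadd under this identity would get write access."""
    return access_level(map_authz(identity, rules)) == "write"


# Constructed identities: what ldapwhoami -Y EXTERNAL reports over ldapi:///
# as root, and a TLS client-certificate subject as slapd normalises it.
PEERCRED = "uidNumber=0,cn=peercred,cn=external,cn=auth"
TLS_SUBJECT = "cn=ldap.biobankcloud.eu,o=bbc"

if __name__ == "__main__":
    for ident in (PEERCRED, TLS_SUBJECT):
        for name, rules in (("tls-only", AUTHZ_TLS_ONLY), ("fixed", AUTHZ_FIXED)):
            print(name, ident, "->", map_authz(ident, rules), access_level(map_authz(ident, rules)))
```

Running it shows the peercred identity falling through to "by * none" until Dan's second rule is present, which is exactly the error 50 seen in the debug trace.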