Hi all,

I'm trying to restore/move a database from one machine to another and start making sure that my client uses all the correct .ldif files.

Now, I've always done a slapcat to an ldif file and used sed in place to modify/remove all the extraneous entries from the dump so I can reload.

Strangely, this doesn't look like it's working this time around.

I get the "Insufficient access (50) additional info: no write access to parent"

Seems obvious that I don't have some type of access at the beginning of the load near the base of the tree.

(After I get this, I'm inundated with ldap_add:  No such object (32) since it wasn't able to write things into a non-existent structure further down)

I see a potential problem in that the tree was originally defined as dc=example,dc=com and, now, everything lives in:  dc=hq,dc=example,dc=com .

Is that the problem?

If so, what's the easiest way around it?

Ldap.conf has:

BASE dc=example,dc=com

Slapd.conf has:

access to attrs=userPassword
   by self         write
   by anonymous    auth
   by dn="uid=syncuser,dc=hq,dc=example,dc=com"       read
   by *    compare

access to attrs=sambaLMPassword,sambaNTPassword
   by dn="uid=syncuser,dc=hq,dc=example,dc=com" read
   by * none

access to *
   by self write
   by * read

access to dn.subtree="dc=hq,dc=example,dc=com"
    by self write
    by set="[cn=itlevel1,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
    by set="[cn=ntadmins,ou=Groups,dc=hq,dc=example,dc=com]/member* & user" write
    by * break


authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
                "cn=root,dc=hq,dc=example,dc=com"

database        mdb
suffix          "dc=hq,dc=example,dc=com"
rootdn          "cn=root,dc=hq,dc=example,dc=com"


Thank you all!

P.