On Wed, 18 Mar 2015 23:28:35 +0200, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello,
I have been spamming this list, looking for insights into why I cannot configure OpenLDAP to use cn=config to delete an entry inside a DIT. Sorry.
Just now thought of and conducted another experiment. The results surprised me. If someone can please explain why OpenLDAP behaves this way, and whether this can be altered through configuration, it would certainly get me further on my way.
When I try to delete an entry using LDAPI as below:
    $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
    ldap_delete: Insufficient access (50)
            additional info: no write access to parent
I do the same using domain administrator credentials as below and it works fine:
    $ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x cn=john,dc=directory,dc=com
Why does LDAPI not work? What can be done?
Probably because of an insufficient authz-regexp?
What is the result of
    ldapwhoami -Y EXTERNAL -H ldapi:///
or
    sudo ldapwhoami -Y EXTERNAL -H ldapi:///
-Dieter
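
Added example, not part of the original thread: over ldapi:/// with SASL EXTERNAL, slapd binds the caller as a peercred DN built from the socket peer's uid and gid, and that DN has no write access to the DIT unless an ACL names it or an authz-regexp maps it to a DN that does. The sketch below generates the olcAuthzRegexp change for one exact uid/gid pair; the function names are hypothetical, and the target DN is whatever DN your ACLs already trust.

```shell
#!/bin/sh
# Illustrative helpers (hypothetical names), not code from the thread.

# Identity slapd assigns to a local ldapi:// peer that binds with
# SASL EXTERNAL. Arguments: uid gid
peercred_dn() {
    printf 'gidNumber=%s+uidNumber=%s,cn=peercred,cn=external,cn=auth\n' "$2" "$1"
}

# The match side of authz-regexp is a regular expression, so the literal
# "+" joining the two RDN values must be escaped. Left unescaped, "0+"
# means "one or more zeros" and the rule never matches the peercred DN.
escape_match() {
    printf '%s\n' "$1" | sed 's/+/\\+/g'
}

# Emit an LDIF change that maps exactly one uid/gid pair to target_dn.
# Arguments: uid gid target_dn
# No wildcards are used, so other local accounts are not mapped.
authz_regexp_ldif() {
    match=$(escape_match "$(peercred_dn "$1" "$2")")
    cat <<EOF
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: $match $3
EOF
}

# Usage (assumes the caller may already modify cn=config over ldapi):
#   authz_regexp_ldif 0 0 'cn=admin,dc=directory,dc=google,dc=com' \
#       | sudo ldapmodify -Y EXTERNAL -H ldapi:///
# Then repeat the check from the reply above:
#   sudo ldapwhoami -Y EXTERNAL -H ldapi:///
```

With such a mapping in place, any process running as that uid/gid on the host acts with the target DN's rights, so review it like any other administrative grant. Granting the peercred DN write access in the database ACL is the narrower alternative when only one subtree is involved.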