Hi all,
I've installed an LDAP server on my network against which all my users can authenticate. They can even change their passwords via GUI or CLI without any issue.
What I am trying to do now is allow each one of them to have an address book in their subtree.
I created a subtree in each authentication realm that looks like this:
ou=Contacts,uid=user,ou=People,dc=domain,dc=ca
There is no problem with the rootdn adding entries below this, but I am unable to get the user to be able to. In fact I can't seem to allow the user to write anywhere. Even with the lone access rule:
access to * by * write
in the /etc/ldap/ldap.conf file (and yes I restart slapd everytime I change this file)
I believe the correct access rule for what I want is:

access to dn.children="ou=People,dc=domain,dc=ca" by self write

but that doesn't work either and I figured I'd reduce the number of unknowns by trying to give global write permission first.
A commandline test to create an entry yields this result:

darryl@bison:~$ ldapadd -w ${NETPASS} -x -D "uid=darryl,ou=People,dc=domain,dc=ca" -f ~/tmp
adding new entry "cn=test_test1,ou=Contacts,uid=darryl,ou=People,dc=domain,dc=ca"
ldap_add: Insufficient access (50)
        additional info: no write access to parent

~/tmp looks like this:

dn: cn=test_test1,ou=Contacts,uid=darryl,ou=People,dc=domain,dc=ca
cn: test_test1
objectClass: inetOrgPerson
sn: testestestets
It's not an authentication issue because if NETPASS is wrong it returns:
ldap_bind: Invalid credentials (49)
Anyone have any ideas? There must be something simple I am missing, but I'm stumped!
cheers, darryl
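An added example (editor's, not the poster's configuration) of the slapd ACLs that the setup above needs. Two points a practitioner would check first: slapd reads its access rules from slapd.conf (or from olcAccess attributes under cn=config on newer OpenLDAP), not from /etc/ldap/ldap.conf, which is the client library's configuration and has no effect on the server's ACLs; and "access to * by * write" is not a safe debugging step even in the right file, because it lets anonymous clients rewrite every entry and attribute, userPassword included. The "by self" rule from the post also cannot match here, since "self" only matches the entry whose DN is the bound DN, and ou=Contacts,uid=darryl,... is a child of that entry, not the entry itself. The fragment below assumes slapd.conf-style directives, the suffix dc=domain,dc=ca from the post, and the dn.regex / dn.exact,expand syntax documented in slapd.access(5); the weak rule is shown commented out beside the hardened rules.

```conf
# Added example: per-user address books under uid=<user>,ou=People,dc=domain,dc=ca.
# Assumes slapd.conf directives; under cn=config the same lines go into
# olcAccess values on the database entry, numbered {0}, {1}, ... in this order.

# Weak setting (do not use): anonymous write to everything, passwords included.
# access to * by * write

# slapd uses the first "access to" clause whose target matches the entry,
# so the specific rules must come before the catch-all.

# 1. Passwords: owner may change theirs, anyone may bind with it, nobody reads it.
#    "anonymous auth" is what lets the ldapadd bind in the post succeed.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Address books: every entry below uid=<user>,ou=People,... (including
#    ou=Contacts itself, whose "children" pseudo-attribute must be writable
#    for ldapadd to succeed) is writable by that user and invisible to others.
#    $1 captures the owner's DN from the target; "expand" substitutes it into
#    the subject, so uid=darryl can only write under uid=darryl.
access to dn.regex="^.*,(uid=[^,]+,ou=People,dc=domain,dc=ca)$"
    by dn.exact,expand="$1" write
    by * none

# 3. Each user may update their own entry (this is where "by self" applies,
#    because here the target DN equals the bound DN); other users may read it.
access to dn.children="ou=People,dc=domain,dc=ca"
    by self write
    by users read
    by * none

# 4. Everything else: read-only for authenticated users, nothing for anonymous.
access to *
    by users read
    by * none
```

After restarting slapd, the ldapadd from the post should no longer report "no write access to parent". The ACL can also be checked without touching data: `slapacl -b "ou=Contacts,uid=darryl,ou=People,dc=domain,dc=ca" -D "uid=darryl,ou=People,dc=domain,dc=ca" children/write` should report that write is granted, and the same command with a different -D should report it denied.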