On 19/11/2015 at 19:43, Andrei Valoshyn wrote:
Hello!
I have slapd 2.4.39 and Python 2.6.
I tried to create a user via Python. When I tried to do that with root
permission, it's OK. But when I did this with this config in slapd.conf
"access to * by
group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write"
I get an error: "ERR_employeeadd {'info': 'modifications require
authentication', 'desc': 'Strong(er) authentication required'}"
I tried to use "l.protocol_version = ldap.VERSION{2,3}" via port 389.
My function for adding the LDIF is:
    l = ldap.initialize(server)
    l.simple_bind(username, ldapsrvpassword)
    def employeeadd():
        ldif = modlist.addModlist(attrs)
        l.add_s(dn,ldif)
I would very much appreciate any help.

Hello Andrei,
I suppose that the username you use is a member of
cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com, but which
objectClass did you use in your group? By default, the OpenLDAP ACL
system will use groupOfNames, searching for the user in the member
attribute. If you have, for example, a groupOfUnixNames, you need to set
your ACL like this:
    access to *
        by group/groupOfUniqueNames/uniqueMember.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
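
The check suggested in the reply above, as an added example that is not part of the original thread: given a group entry exported as LDIF, it derives the `by group...` clause that matches the group's objectClass and confirms that the bind DN is listed in the membership attribute. The LDIF, the bind DN and all function names are constructed for illustration, and the DN comparison is a simplification.

```python
# Added example; GROUP_LDIF and BIND_DN are constructed sample data.
GROUP_LDIF = """\
dn: cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com
objectClass: groupOfUniqueNames
cn: LDAP_admins
uniqueMember: uid=alice,ou=People,dc=exadel,dc=com
"""
BIND_DN = "UID=Alice, ou=People, dc=exadel, dc=com"
GROUP_CLASSES = {  # lower-cased objectClass -> (canonical name, member attribute)
    "groupofnames": ("groupOfNames", "member"),
    "groupofuniquenames": ("groupOfUniqueNames", "uniqueMember"),
}

def parse_entry(ldif):
    """Parse one unfolded, non-base64 LDIF entry into {attr_lower: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN comparison key (assumes no escaped commas in RDNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_kind(entry):
    """Return (objectClass, member attribute) for the first known group class."""
    for oc in entry.get("objectclass", []):
        if oc.lower() in GROUP_CLASSES:
            return GROUP_CLASSES[oc.lower()]
    raise ValueError("entry has no supported group objectClass")

def group_clause(entry):
    """Build the ACL who-clause that makes slapd read the right attribute."""
    oc, attr = group_kind(entry)
    if oc == "groupOfNames":  # slapd's default lookup, no qualifiers needed
        return 'group.exact="%s"' % entry["dn"][0]
    return 'group/%s/%s.exact="%s"' % (oc, attr, entry["dn"][0])

def is_member(entry, bind_dn):
    """True if bind_dn is listed in the group's membership attribute."""
    _, attr = group_kind(entry)
    return norm_dn(bind_dn) in [norm_dn(m) for m in entry.get(attr.lower(), [])]

if __name__ == "__main__":
    group = parse_entry(GROUP_LDIF)
    print("access to * by %s write" % group_clause(group))
    print("bind DN is a member:", is_member(group, BIND_DN))
```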