On Sat, 28 Dec 2013 20:48:45 +0500,
Umar Draz <unix.co(a)gmail.com> wrote:
Hi Dieter,

I am already doing this, using PHP's
ldap_rename()
with admin user I can easily change the RDN e.g.
cn=Umar Draz,ou=accounts,dc=mydomain,dc=com

But if I try with Umar Draz user's login then the user is unable to
change the (dn), e.g. I want to change the old cn to the new one:
cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com.

So I am sure there is something missing in slapd.conf regarding
access policy.

rootdn is not subject to any access rule, rootdn is 'root'!
As I mentioned already, as user you must have write access to the parent
entry.

-Dieter

On Sat, Dec 28, 2013 at 1:58 PM, Dieter Klünter <dieter(a)dkluenter.de>
wrote:
> On Sat, 28 Dec 2013 07:21:59 +0000,
> Umar Draz <unix.co(a)gmail.com> wrote:
>
> > Hi
> >
> > I am trying to rename the (dn) entry through a normal user which
> > first authenticates itself, but there is an error while
> > renaming the dn entry
> >
> > text=no write access to old parent's children
> >
> > here is my slapd.conf access settings.
> >
> > # Sample access control policy:
> > access to attrs=userPassword,shadowLastChange
> >     by self write
> >     by dn="cn=admin,dc=mydomain,dc=com" write
> >     by * auth
> >
> > access to *
> >     by self write
> >     by dn="cn=admin,dc=mydom,dc=com" write
> >     by * read
> >
> > Would you please help, what I need to set?
>
> The last rule allows write operations on one's own entry, but in
> order to modify an RDN, write operations on a parent entry are
> required, see ldapmodrdn(1) for more information.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://dkluenter.de
> GPG Key ID:DA147B05
> 53°37'09,95"N
> 10°08'02,42"E
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
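
Added example, not part of the thread or of anyone's posted configuration: one way to express the "write access to the parent entry" that the reply asks for, as a slapd.conf rule on the `children` pseudo-attribute of the parent. The DNs are the ones quoted in the thread; the admin DN is assumed to be `cn=admin,dc=mydomain,dc=com` (the posted rules spell it two ways), and granting the right to all authenticated `users` is an assumption about the intended policy.

```conf
# slapd.conf ACLs are evaluated top-down; for each target the first
# matching "access to" clause decides.

access to attrs=userPassword,shadowLastChange
    by self write
    by dn="cn=admin,dc=mydomain,dc=com" write
    by * auth

# Added rule (assumption, not from the thread). Renaming
# cn=Umar Draz,ou=accounts,... is checked against the "children"
# pseudo-attribute of the parent ou=accounts,..., not only against the
# user's own entry. "by self" can never match here because the target is
# the parent entry, so the allowed identities are named explicitly.
access to dn.base="ou=accounts,dc=mydomain,dc=com" attrs=children
    by dn="cn=admin,dc=mydomain,dc=com" write
    by users write
    by * read

# Catch-all as posted in the thread. On its own it only grants write on the
# user's own entry, which is why the rename was rejected with
# "no write access to old parent's children".
access to *
    by self write
    by dn="cn=admin,dc=mydomain,dc=com" write
    by * read
```

Deleting an entry is checked against the same `children` privilege on the parent, so combined with `by self write` this rule also lets a user delete their own entry. A renamed entry gets a new DN, so any ACL or group membership that references account DNs under `ou=accounts` should be reviewed before users are allowed to choose their own `cn`.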