Hi I am trying to rename the (dn) entry through a normal user which is first authenticate it self, but I there is an error while renaming the dn entry text=no write access to old parent's children here is my slapd.conf access settings. # Sample access control policy: access to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=mydomain,dc=com" write by * auth access to * by self write by dn="cn=admin,dc=mydom,dc=com" write by * read Would you please help, what I need to set?

HI Dieter, I am already doing this, using php ldap_rename() with admin user I can easily change the RDN e.g. cn=Umar Draz,ou=accounts,dc=mydomain,dc=com But if I try with Umar Draz user's login then then the user unable to change the (dn) e.g I want to change the old cn with new one. cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com. So i must sure there is something missing in slapd.conf regarding access policy.

On Sat, Dec 28, 2013 at 1:58 PM, Dieter Klünter <dieter(a)dkluenter.de&gt; wrote: > Am Sat, 28 Dec 2013 07:21:59 +0000 > schrieb Umar Draz <unix.co(a)gmail.com&gt;: > > > Hi > > > > I am trying to rename the (dn) entry through a normal user which > > is first authenticate it self, but I there is an error while > > renaming the dn entry > > > > text=no write access to old parent's children > > > > here is my slapd.conf access settings. > > > > # Sample access control policy: > > access to attrs=userPassword,shadowLastChange > > by self write > > by dn="cn=admin,dc=mydomain,dc=com" write > > by * auth > > > > access to * > > by self write > > by dn="cn=admin,dc=mydom,dc=com" write > > by * read > > > > Would you please help, what I need to set? > > The last rule allows write operations on one's own entry, but in > order to modify a RDN write operations on a parent entry is > required, see ldapmodrdn(1) for more information. > > -Dieter > > -- > Dieter Klünter | Systemberatung > http://dkluenter.de > GPG Key ID:DA147B05 > 53°37'09,95"N > 10°08'02,42"E > >