Hi OpenLDAP team,
I'm new to OpenLDAP, so this could be a trivial question; please let me know if I missed anything.
I'm trying to add entries to "dc=example,dc=com" using ldap_add. It is working fine for the super user (root), but we are getting a permission error for a normal user (non-root).
I'm able to update with ldap_modify as the normal user.
Could you please let me know how we can give a specific user permission to add entries using ldap_add?
Thanks in advance.
Regards J.Visu
Hi,
First of all, I'm a newbie in LDAP too, but I think that as root you're using a different type of authentication. Maybe you can post your commands, so we can see what you are actually doing.
From my experience: if you use the parameter "-Y EXTERNAL", you authenticate as the actual Linux user. But when you use "-D cn=admin,dc=example,dc=com", you authenticate as LDAP's "admin" user. If you want to add a new database (to cn=config), you will probably need the Linux root user. But when you want to modify a database, you need LDAP's admin user (at least this is the way I understand LDAP).
Best regards
Martin Stejskal
From: openldap-technical openldap-technical-bounces@openldap.org on behalf of vvv jjj vvvjjj0@yahoo.co.in
Sent: 19 January 2017 05:37:34
To: openldap-technical@openldap.org
Subject: Permission issue for normal user with ldap_add
On Thu, 19 Jan 2017 04:37:34 +0000 (UTC), vvv jjj vvvjjj0@yahoo.co.in wrote:
man slapd.access(5)
-Dieter
On Thu, Jan 19, 2017 at 10:23:22AM +0100, Dieter Klünter wrote:
man slapd.access(5)
See also some examples in the Admin Guide:
http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20E...
More examples here:
https://www.skills-1st.co.uk/papers/ldap-acls-jan-2009/
For any non-trivial policy I would suggest building a test-suite before trying to write the ACLs. OpenLDAP has one of the most predictable ACL mechanisms in the industry but it can still be hard to cover all the edge-cases correctly.
Andrew
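As an added illustration of what slapd.access(5) requires for an add (not code from this thread or from the OpenLDAP project): an add needs write access to the "children" pseudo-attribute of the parent entry plus write access to the new entry itself, which a rule that only covers attribute modification does not grant. The cn=config database index olcDatabase={1}mdb and the user DN uid=visu,ou=people,dc=example,dc=com are assumptions.

```ldif
# Added example, not from the thread. Assumes a cn=config setup whose
# data database is olcDatabase={1}mdb and a user uid=visu under ou=people.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: passwords are never readable; owners may change their own.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# {1}: ldap_add of a child of dc=example,dc=com needs write access to the
# "children" pseudo-attribute of the PARENT entry. A plain write rule on
# ordinary attributes (enough for ldap_modify) does not cover this, which
# is why modify can succeed while add fails.
olcAccess: {1}to dn.base="dc=example,dc=com" attrs=children
  by dn.exact="uid=visu,ou=people,dc=example,dc=com" write
  by * read
# {2}: the entry being added (its attributes and "entry" pseudo-attribute)
# also needs write access; this rule covers everything below the suffix
# and keeps ldap_modify working for the same user.
olcAccess: {2}to dn.children="dc=example,dc=com"
  by dn.exact="uid=visu,ou=people,dc=example,dc=com" write
  by * read
```

Apply it with ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif as root; note that "replace: olcAccess" discards every existing olcAccess value, so merge these rules into the current list rather than copying them verbatim.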