Hi
I'm trying to give ordinary users write access to a specific ou.
I've googled a lot and haven't really found anything useful regarding OpenLDAP 2.4 (slapd.d format).
What would be the correct syntax for an ldapmodify command to accomplish this for the dn: ou=addressbook,dc=example,dc=net ?
Thanks.
/Thomas
On Wed, 22 Dec 2010 14:46:50 +0100, "Thomas D. Dahlmann" domingo@domingo.dk wrote:
> Hi
> I'm trying to give ordinary users write access to a specific ou.
> I've googled a lot and haven't really found anything useful regarding OpenLDAP 2.4 (slapd.d format).
> What would be the correct syntax for an ldapmodify command to accomplish this for the dn: ou=addressbook,dc=example,dc=net ?

something like:

ldapmodify -D "cn=config" -W -H ldap://some.host
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
-

The numbers {1} are fictitious, replace with your real values.
-Dieter
Dieter Kluenter wrote:
> On Wed, 22 Dec 2010 14:46:50 +0100, "Thomas D. Dahlmann" domingo@domingo.dk wrote:
>> Hi
>> I'm trying to give ordinary users write access to a specific ou.
>> I've googled a lot and haven't really found anything useful regarding OpenLDAP 2.4 (slapd.d format).
>> What would be the correct syntax for an ldapmodify command to accomplish this for the dn: ou=addressbook,dc=example,dc=net ?
>
> something like:
>
> ldapmodify -D "cn=config" -W -H ldap://some.host
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
>
> The numbers {1} are fictitious, replace with your real values.

Do not supply the {x} numbers at all when you're just doing a replace. slapd generates them itself, so there's no need.
You only need to provide the {x} numbers when you actually want to reference a specific value in a multivalued attribute. Even then, they're just a convenience, not absolutely essential.
> something like:
>
> ldapmodify -D "cn=config" -W -H ldap://some.host
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read

Gives me this:

ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
Enter LDAP Password:
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read

modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Insufficient access (50)

"cn=admin,dc=example,dc=net" is my root account so I don't see why it shouldn't have access??
/Thomas
You are trying to modify cn=config, not dc=example,dc=net, which is where your account is the admin.
On Jan 4, 2011, at 12:59 PM, Thomas D. Dahlmann wrote:
>> something like:
>>
>> ldapmodify -D "cn=config" -W -H ldap://some.host
>> dn:olcDatabase={1}hdb,cn=config
>> changetype: modify
>> replace: olcAccess
>> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
>
> Gives me this:
>
> ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
> Enter LDAP Password:
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
>
> modifying entry "olcDatabase={1}hdb,cn=config"
> ldap_modify: Insufficient access (50)
>
> "cn=admin,dc=example,dc=net" is my root account so I don't see why it shouldn't have access??
> /Thomas

On 2011-01-04 22:02, Troy Knabe wrote:
> You are trying to modify cn=config, not dc=example,dc=net, which is where your account is the admin.

Not sure that I get that? I have only one root admin in my setup: olcRootDN: cn=admin,dc=example,dc=net
If that isn't enough, how do I edit cn=config?
I'm pretty much a newbie in openldap, please bear with me ;ø)
/Thomas
On Tue, 04 Jan 2011 21:59:52 +0100, "Thomas D. Dahlmann" domingo@domingo.dk wrote:
>> something like:
>>
>> ldapmodify -D "cn=config" -W -H ldap://some.host
>> dn:olcDatabase={1}hdb,cn=config
>> changetype: modify
>> replace: olcAccess
>> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
>
> Gives me this:
>
> ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
> Enter LDAP Password:
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read
>
> modifying entry "olcDatabase={1}hdb,cn=config"
> ldap_modify: Insufficient access (50)
>
> "cn=admin,dc=example,dc=net" is my root account so I don't see why it shouldn't have access??

cn=config has its own rootdn, olcDatabase={0}cn=config, if not configured, it should be cn=config
-Dieter
> cn=config has its own rootdn, olcDatabase={0}cn=config, if not configured, it should be cn=config

That was it. I missed out on the fact that there are multiple rootdn's. Rebuilding my structure and logging in with the right rootdn did the job.
Thank you all for your input ;-)
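
Added example, not part of the original thread and not OpenLDAP project code: a `replace: olcAccess` carrying a single value overwrites every ACL already stored on the database, so this sketch builds an `add:` modification that uses the {x} index to insert the address book rule ahead of the catch-all `to *` rule. The existing ACL lines in SAMPLE_ACLS and the function names are constructed for illustration; the database DN, subtree and rule text are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Builds an LDIF that INSERTS one ACL
# ahead of the database's catch-all "to *" rule instead of replacing every
# olcAccess value. Input: the current olcAccess lines, unwrapped, e.g. from
#   ldapsearch -o ldif-wrap=no -D "cn=config" -W -b "$db_dn" -s base olcAccess

# Constructed sample of existing ACLs (hypothetical, not from the thread).
SAMPLE_ACLS='olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read'

# Print the {n} index of the first catch-all rule, or nothing if there is none.
catch_all_index() {
    printf '%s\n' "$1" |
        sed -n 's/^olcAccess: {\([0-9][0-9]*\)}to \* .*/\1/p' | head -n 1
}

# build_insert_ldif DB_DN CURRENT_ACLS NEW_RULE
build_insert_ldif() {
    db_dn=$1 current=$2 rule=$3
    idx=$(catch_all_index "$current")
    printf 'dn: %s\nchangetype: modify\nadd: olcAccess\n' "$db_dn"
    if [ -n "$idx" ]; then
        # slapd evaluates ACLs in order and stops at the first matching "to"
        # clause, so the new rule takes the catch-all's slot; slapd renumbers
        # the catch-all and anything after it.
        printf 'olcAccess: {%s}%s\n' "$idx" "$rule"
    else
        # No catch-all: leave the index off and slapd appends the value.
        printf 'olcAccess: %s\n' "$rule"
    fi
}

NEW_RULE='to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by * read'

# Dry run on the constructed sample. To apply, pipe the output to:
#   ldapmodify -D "cn=config" -W -H ldap://localhost
build_insert_ldif 'olcDatabase={1}hdb,cn=config' "$SAMPLE_ACLS" "$NEW_RULE"
```

On the constructed sample the rule is emitted as value {2}, leaving the userPassword rule at {0} in place and evaluated first.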