5:46 a.m.
Hi
I'm trying to add ordinary users write access to a specific ou.
I've googled a lot and haven't really found any useful regarding to
openldap 2.4 (slapd.d format).
What would be the correct syntax for a ldapmodify command to accomplish
this to the dn: ou=addressbook,dc=example,dc=net ?
Thanks.
/Thomas
11:32 a.m.
Am Wed, 22 Dec 2010 14:46:50 +0100
schrieb "Thomas D. Dahlmann" <domingo(a)domingo.dk>:
Hi
I'm trying to add ordinary users write access to a specific ou.
I've googled a lot and haven't really found any useful regarding to
openldap 2.4 (slapd.d format).
What would be the correct syntax for a ldapmodify command to
accomplish this to the dn: ou=addressbook,dc=example,dc=net ?
something like:
ldapmodify -D "cn=config" -W -H ldap://some.host
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
users write by * read
-
The numbers {1} are fictious, replace with your real values.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
11:44 a.m.
Dieter Kluenter wrote:
Am Wed, 22 Dec 2010 14:46:50 +0100
schrieb "Thomas D. Dahlmann"<domingo(a)domingo.dk>:
> Hi
>
> I'm trying to add ordinary users write access to a specific ou.
>
> I've googled a lot and haven't really found any useful regarding to
> openldap 2.4 (slapd.d format).
>
> What would be the correct syntax for a ldapmodify command to
> accomplish this to the dn: ou=addressbook,dc=example,dc=net ?
something like:
ldapmodify -D "cn=config" -W -H ldap://some.host
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
users write by * read
-
The numbers {1} are fictious, replace with your real values.
Do not supply the {x} numbers at all when you're just doing a replace. slapd
generates them itself, so there's no need.
You only need to provide the {x} numbers when you actually want to reference a
specific value in a multivalued attribute. Even then, they're just a
convenience, not absolutely essential.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
12:59 p.m.
something like:
ldapmodify -D "cn=config" -W -H ldap://some.host
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
users write by * read
Gives me this:
ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
Enter LDAP Password:
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users
write by * read
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Insufficient access (50)
"cn=admin,dc=example,dc=net" is my root account so I don't see why it
shouldn't have access??
/Thomas
1:02 p.m.
You are trying to modify cn=config, not dc=example,dc=net, which is where your account is
the admin.
On Jan 4, 2011, at 12:59 PM, Thomas D. Dahlmann wrote:
> something like:
> ldapmodify -D "cn=config" -W -H ldap://some.host
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
> users write by * read
Gives me this:
ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
Enter LDAP Password:
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users write by *
read
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Insufficient access (50)
"cn=admin,dc=example,dc=net" is my root account so I don't see why it
shouldn't have access??
/Thomas
1:12 p.m.
On 2011-01-04 22:02, Troy Knabe wrote:
You are trying to modify cn=config, not dc=example,dc=net, which is
where your account is the admin.
Not sure that I get that? I have only one root admin in my setup :
olcRootDN: cn=admin,dc=example,dc=net
If that isn't enough how do I edit cn=config?
I'm pretty newbie in openldap, please bear with me ;ø)
/Thomas
12:02 a.m.
Am Tue, 04 Jan 2011 21:59:52 +0100
schrieb "Thomas D. Dahlmann" <domingo(a)domingo.dk>:
> something like:
> ldapmodify -D "cn=config" -W -H ldap://some.host
> dn:olcDatabase={1}hdb,cn=config
> changetype: modify
> replace: olcAccess
> olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
> users write by * read
Gives me this:
ldapmodify -D "cn=admin,dc=example,dc=net" -W -H ldap://localhost
Enter LDAP Password:
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=addressbook,dc=example,dc=net" by users
write by * read
modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Insufficient access (50)
"cn=admin,dc=example,dc=net" is my root account so I don't see why it
shouldn't have access??
cn=config has its own rootdn, olcDatabase={0}cn=config, if not
configured, it should be cn=config
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
12:39 p.m.
cn=config has its own rootdn, olcDatabase={0}cn=config, if not
configured, it should be cn=config
That was it. I missed out on the fact that there are multiple rootdn's.
Rebuilding my structure and login in with right rootdn did the job.
Thank you all for your input ;-)
-Dieter
3760
days inactive
3774
days old
openldap-technical@openldap.org
7 comments
4 participants
participants (4)
-
Dieter Kluenter -
Howard Chu -
Thomas D. Dahlmann -
Troy Knabe