[OpenLDAP] Rights access error
Craig White
craigwhite at azapple.com
Wed Jan 27 06:12:49 UTC 2010
On Tue, 2010-01-26 at 19:27 +0100, Luc MAIGNAN wrote:
> Hi,
>
> I've set up an openldap server on a F12 box. It seems to be fine, but
> only rootdn has the ability to update entries.
> When a user tries to update an attribute he owns, he gets error 50:
> insufficient rights access
>
> My slapd.conf is configured as below :
>
>
> access to *
>     by self write
>     by users read
>     by anonymous auth
>
>
> access to *
>     by dn="uid=xxx,ou=Users,dc=xxx,dc=com" write
>     by anonymous auth
>     by self write
>     by * none
>
>
> What is the error? Why can't an authenticated user update its own
> attributes?
----
I tend to use RHEL / CentOS for LDAP servers, which is a little older, but
this may be useful to you...
# allow everybody to try to bind
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
# give read access to one's entry to himself only
access to dn.regex="^uid=([^,]+),ou=People,dc=example,dc=com$$"
    by self read
    by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
    by anonymous auth
    by * none
access to dn.subtree="ou=People,dc=example,dc=com"
    by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
    by anonymous read
    by * read
access to dn.subtree="ou=Groups,dc=example,dc=com"
    by dn.exact="cn=Admin,ou=People,dc=example,dc=com" write
    by anonymous read
    by * read
access to dn.exact="ou=People,dc=example,dc=com"
    by anonymous read
    by * read
access to dn.exact="dc=example,dc=com"
    by anonymous read
    by * read
access to *
    by anonymous read
    by * read
HTH
Craig
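As an added example (not code from either message in this thread), a small Python model of slapd's first-match ACL evaluation, run over the two "access to *" directives from the question: it shows which directive and which "by" clause actually decide a request, so a broad first directive that shadows everything after it becomes visible. It assumes DN comparison is plain case-folding and models only the "*" and dn.subtree forms of the <what> selector.

```python
def parse_acl(text):
    """'access to <what>' directives with their 'by <who> <level>' clauses, in file order."""
    rules = []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("access to "):
            rules.append((line[len("access to "):], []))
        elif line.startswith("by ") and rules:
            rules[-1][1].append(tuple(line[3:].rsplit(None, 1)))
    return rules
def what_matches(what, target):
    """<what> selector: '*' or dn.subtree="..." (the forms the configs in this thread lean on)."""
    if what == "*":
        return True
    style, _, value = what.partition("=")
    if style == "dn.subtree":
        base = value.strip('"').lower()
        return target.lower() == base or target.lower().endswith("," + base)
    raise ValueError(f"unsupported <what> selector: {what}")
def who_matches(who, requester, target):
    """<who> selector against the bound identity (None = anonymous); DNs are compared case-folded."""
    if who in ("*", "anonymous", "users"):
        return who == "*" or (requester is None) == (who == "anonymous")
    if who == "self":
        return requester is not None and requester.lower() == target.lower()
    if who.startswith(("dn=", "dn.exact=")):
        return requester is not None and requester.lower() == who.partition("=")[2].strip('"').lower()
    raise ValueError(f"unsupported <who> selector: {who}")
def evaluate(rules, requester, target):
    """First match wins twice: the first directive whose <what> covers the target is the only one
    consulted, and within it the first matching <by> sets the level (no match = 'none').
    Returns (level, index of the directive used); a target no directive covers is 'none' here."""
    for idx, (what, clauses) in enumerate(rules):
        if what_matches(what, target):
            for who, level in clauses:
                if who_matches(who, requester, target):
                    return level, idx
            return "none", idx
    return "none", None

# Constructed sample: the two directives from the question, indented as slapd.conf requires.
RULES = parse_acl("""access to *
    by self write
    by users read
    by anonymous auth
access to *
    by dn="uid=xxx,ou=Users,dc=xxx,dc=com" write
    by anonymous auth
    by self write
    by * none""")
```

With this input, evaluate() always reports directive 0: the uid=xxx account ends up with read on other users' entries via "by users read", and the second directive is never reached.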