Re: [OpenLDAP] Rights access error


On Tue, 2010-01-26 at 19:27 +0100, Luc MAIGNAN wrote:
> Hi,
> 
> I've set up an openldap server on a F12 box. It seems to be fine, but 
> only rootdn has the ability to update entries.
> When a user tries to update an attribute he owns, he's got the error 50: 
> insufficient rights access
> 
> My slapd.conf is configured as below :
> 
> 
> access to *
>          by self write
>          by users read
>          by anonymous auth
> 
> 
> access to *
>         by dn="uid=xxx,ou=Users,dc=xxx,dc=com" write
>         by anonymous auth
>         by self write
>         by * none
> 
> 
> What is the error? Why can't an authenticated user update his own 
> attributes?
----
I tend to use RHEL / CentOS for LDAP servers, which is a little older, but
this may be useful to you...

# allow everybody to try to bind
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

# give read access to one's entry to himself only
access to dn.regex="^uid=([^,]+),ou=People,dc=example,dc=com$$"
        by self read
        by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
        by anonymous auth
        by * none

access to dn.subtree="ou=People,dc=example,dc=com"
        by dn.exact="uid=Admin,ou=People,dc=example,dc=com" write
        by anonymous read
        by * read

access to dn.subtree="ou=Groups,dc=example,dc=com"
        by dn.exact="cn=Admin,ou=People,dc=example,dc=com" write
        by anonymous read
        by * read

access to dn.exact="ou=People,dc=example,dc=com"
        by anonymous read
        by * read

access to dn.exact="dc=example,dc=com"
        by anonymous read
        by * read

access to *
        by anonymous read
        by * read

HTH

Craig
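
Added example (not part of the original messages, and not OpenLDAP code): a small Python model of slapd's first-match ACL evaluation, applied to the two "access to *" directives quoted in the question. It assumes both directives sit in the same database section and are the only ACLs in effect; the bob DN is constructed.

```python
# Simplified model of slapd's documented evaluation order: the first
# "access to <what>" matching the target is selected, then the first
# "by <who>" inside it matching the requester decides the level.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

# The two directives from the question, in file order (DNs as posted).
ADMIN = "uid=xxx,ou=Users,dc=xxx,dc=com"
ACLS = [
    ("*", [("self", "write"), ("users", "read"), ("anonymous", "auth")]),
    ("*", [("dn=" + ADMIN, "write"), ("anonymous", "auth"),
           ("self", "write"), ("*", "none")]),
]

def who_matches(who, requester, target):
    """requester is a bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == target.lower()
    # Assumption: dn="..." is an exact match; DN normalisation is reduced
    # to a case-insensitive string comparison.
    return who.startswith("dn=") and requester.lower() == who[3:].lower()

def decide(requester, target, acls=ACLS):
    """Return (directive index, granted level) for an access to target."""
    for index, (what, by_clauses) in enumerate(acls):
        if what != "*":  # only "access to *" is modelled
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, target):
                return index, level
        return index, "none"  # implicit trailing "by * none"
    return None, "none"

def allowed(requester, target, wanted, acls=ACLS):
    granted = decide(requester, target, acls)[1]
    return LEVELS.index(granted) >= LEVELS.index(wanted)

if __name__ == "__main__":
    bob = "uid=bob,ou=Users,dc=xxx,dc=com"  # constructed sample DN
    print(decide(ADMIN, bob))            # decided by directive 0
    print(decide(ADMIN, bob, ACLS[1:]))  # second directive on its own
```

In this model every request is decided by the first "access to *" directive, so the dn="uid=xxx,..." write grant in the second one is never consulted.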

