Error Insufficient Access No Write Access To Parent
No write access to parent

I am facing an issue when trying to set up an OpenLDAP server with Chef.

Configuration:
Ubuntu 15.04
OpenLdap 2.4.31
Chef/OpenLdap 2.7.1

For information, when I run dpkg-reconfigure slapd (which is not an option when trying to automate the process), part 1 of the issue is solved (w/o changing any phpldapadmin configuration file) but part 2 remains.

Part 1: when accessing the admin account in phpldapadmin, the admin user is not accessible (message: This base cannot be created with PLA.)
Part 2: when trying to execute

    sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/db.ldif

the error message is:

    STDERR: SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    ldap_add: Insufficient access (50)
        additional info: no write access to parent

slapd.conf

    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/nis.schema
    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args
    loglevel 0
    modulepath /usr/lib/ldap
    moduleload back_hdb
    sizelimit 500
    tool-threads 1
    database hdb
    suffix "dc=a6,dc=com"
    rootdn "cn=admin,dc=a6,dc=com"
    rootpw {SSHA}a6a6aa66a6a6a6a6a6a6a6
    directory "/var/lib/ldap"
    lastmod on
    dbconfig set_cachesize 0 31457280 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500
    index default pres,eq,approx,sub
    index objectClass eq
    index cn,ou,sn,uid,l,mail,gecos,memberUid,description
    index loginShell,homeDirectory pres,eq,approx
    index uidNumber,gidNumber pres,eq

db.ldif

    dn: dc=a6,dc=com
    objectClass: top
    objectClass: dcObject
    obj
Organization: .masterhost

Hi.

There is an ACL in slapd.conf:

    access to dn.one="ou=personal,ou=groups,o=vega"
        by group/groupOfUniqueNames/uniqueMember="cn=users-admins,ou=groups,o=vega" write
        by group/groupOfUniqueNames/uniqueMember="cn=tree-admins,ou=groups,o=vega" write
        by users read

And when any of the members of "cn=users-admins,ou=groups,o=vega" tries to add a new object, he gets an error:

    no write access to parent

But he can modify an existing object without errors. If I change dn.one to dn.sub, there are no errors at all. Could anybody explain what modification is needed to the parent object?

Our system:

    $ uname -rs; pkg_info -Ix openldap-serv
    FreeBSD 7.1-amd64-20090114-RELENG_7_1
    openldap-server-2.4.13 Open source LDAP server implementation

--
Irina Shetukhina

Follow-Ups: Re: no write access to parent From: "Dieter Kluenter"
+0200
Cc: openldap-software@openldap.org
In-reply-to: <4AA0E5C6.7000700@wpkg.org>
References: <4AA0E5C6.7000700@wpkg.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.4pre) Gecko/20090825 Shredder/3.0b4pre

On 04/09/2009 12:02, Tomasz Chmielewski wrote:
> I would like to allow a user to edit everything in a given subtree.
>
> For example, I would like to allow uid=Operator,ou=Users,dc=example,dc=com
> to edit all entries which are in *,ou=Users,dc=example,dc=com.
>
> I tried to follow http://www.zytrax.com/books/ldap/ch6/#access to set up
> access for that user, but I keep getting "insufficient access".
>
> conn=5 fd=15 ACCEPT from IP=127.0.0.1:46917 (IP=0.0.0.0:389)
> conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" method=128
> conn=5 op=0 BIND dn="uid=Operator,ou=Users,dc=example,dc=com" mech=SIMPLE ssf=0
> conn=5 op=0 RESULT tag=97 err=0 text=
> conn=5 op=1 DEL dn="uid=d.user3,ou=Users,dc=example,dc=com"
> conn=5 op=1 RESULT tag=107 err=50 text=no write access to entry
>
> My rule in slapd.conf is:
>
> access to dn="ou=Users,dc=example,dc=com"
>     by dn="uid=Operator,ou=Users,dc=example,dc=com" write
>     by dn="uid=Operator,ou=Users,dc=example,dc=com" read
>
> I also tried to use:
>
> access to dn.subtree="ou=Users,dc=example,dc=com"
> ...
>
> But then I'm not even able to connect.

Hi,

I recommend that you read the chapter on access control from the *OpenLDAP* admin guide: http://www.openldap.org/doc/admin24/access-control.html

In this particular case, I expect that you have other access rules that may be blocking this one - remember that order is important, and the first rule matching on the
Thread: LDAP: ldapadd as root exits with no write access to parent

August 30th, 2013 #1
ptsneves

In the LDAP server guide it is suggested that the root user always has full privileges, but when I run a command like

    sudo ldapadd -Y EXTERNAL -H ldapi:/// -D cn=admin,dc=example,dc=com

I get

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=project_group,ou=Groups,dc=example,dc=com"
    ldap_add: Insufficient access (50)
        additional info: no write access to parent

What can I do to be able to log in this way?

Last edited by ptsneves; August 30th, 2013 at 01:55 PM.