ldap_modify: Insufficient access.

washide
Posts: 4
Joined: 2017/06/20 08:52:45

ldap_modify: Insufficient access.

Post by washide » 2017/06/21 10:45:48

I have:

Code:

[root@masterdns openldap]# cat slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 6dda0bbd
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=teka,dc=sm,dc=edu,dc=pl
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=am,dc=teka,dc=sm,dc=edu,dc=pl
olcRootPW:: e1NTSEF9c1pmTkJMSEYrc3N4aDhhNTBqT05VS0lxMEthU0tLaDI=
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/
olcDbCacheSize: 1000
olcDbChecksum: FALSE
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: c4fb35bc-e9ff-1036-892d-33ccc056f8a2
creatorsName: cn=config
createTimestamp: 20170620122854Z
entryCSN: 20170620122854.808017Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20170620122854Z



Actually I get an error like ldap_modify: Insufficient access (50):

Code:

[root@masterdns openldap]# ldapadd -x -d 128 -D 'cn=am,dc=teka,dc=sm,dc=edu,dc=pl' -W -f prawa3.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}bdb,cn=config"
ldap_modify: Insufficient access (50)


where prawa3.ldif is:

Code:

# {1}bdb, config
dn: olcDatabase={1}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.subtree="uid=tomek,ou=czyt,dc=teka,dc=sm,dc=edu,dc=pl"
   by cn=am,dc=teka,dc=sm,dc=edu,dc=pl write

You can see that in ldapadd I have the -D option set to 'cn=am,dc=teka,dc=sm,dc=edu,dc=pl', which is the same as olcRootDN in olcDatabase={1}bdb.ldif, and the password from olcRootPW (but in clear text, before it was hashed and encoded to base64).

I don't know what the problem is. How do I solve it?
--
AM
Last edited by washide on 2017/06/21 12:02:25, edited 1 time in total.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ldap_modify: Insufficient access.

Post by TrevorH » 2017/06/21 11:30:28

Looks like you are using the credentials for the main LDAP database, not the ones for the config db.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
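
The point made in the reply above, as an added example that is not part of the original thread: a Python sketch that maps an entry to the slapd database holding it and checks whether the bind DN is that database's olcRootDN, since rootdn privileges apply only within the rootdn's own database. The sample LDIF is constructed by trimming the dumps posted in this thread (password replaced by a placeholder), and the function names are hypothetical.

```python
# Added example (not from the thread). SAMPLE is constructed: trimmed from the
# dumps quoted in this thread, with the password replaced by a placeholder.
SAMPLE = """\
dn: olcDatabase={0}config,cn=config
olcDatabase: {0}config
olcRootDN: cn=config

dn: olcDatabase={1}bdb,cn=config
olcDatabase: {1}bdb
olcSuffix: dc=teka,dc=sm,dc=edu,dc=pl
olcRootDN: cn=am,dc=teka,dc=sm,dc=edu,dc=pl
olcRootPW:: PLACEHOLDER
"""

def norm(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_databases(ldif):
    """One dict per olcDatabase entry (LDIF line folding is not handled)."""
    dbs = []
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.lstrip(":").strip())
        name = attrs.get("olcdatabase")
        if name is None:
            continue
        # The config database carries no olcSuffix; its suffix is cn=config.
        suffix = "cn=config" if name.endswith("config") else attrs.get("olcsuffix", "")
        dbs.append({"name": name, "suffix": norm(suffix),
                    "rootdn": norm(attrs.get("olcrootdn", "")),
                    "has_rootpw": "olcrootpw" in attrs})
    return dbs

def rootdn_bind_check(dbs, bind_dn, entry_dn):
    """Return (database, allowed, reason) for a simple bind as bind_dn."""
    entry = norm(entry_dn)
    hits = [d for d in dbs if d["suffix"] and
            (entry == d["suffix"] or entry.endswith("," + d["suffix"]))]
    if not hits:
        return (None, False, "no database holds this entry")
    db = max(hits, key=lambda d: len(d["suffix"]))  # longest suffix wins
    if norm(bind_dn) != db["rootdn"]:
        return (db["name"], False, "bind DN is not olcRootDN of " + db["name"])
    if not db["has_rootpw"]:
        return (db["name"], False, db["name"] + " has no olcRootPW")
    return (db["name"], True, "bind DN is rootdn of " + db["name"])
```

For the bind DN and target entry from the first post, `rootdn_bind_check` returns `{0}config` and `False`: the entry being modified lives in the config database, whose olcRootDN in the `slapcat -n 0` dump is `cn=config`. The same dump's `olcAccess: {0}to *  by * none` grants no other DN access to that database.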

washide
Posts: 4
Joined: 2017/06/20 08:52:45

Re: ldap_modify: Insufficient access.

Post by washide » 2017/06/21 11:56:07

- ldapadd is working on 'cn=am,dc=teka,dc=sm,dc=edu,dc=pl' (olcRootDN: cn=am,dc=teka,dc=sm,dc=edu,dc=pl in olcDatabase={0}config.ldif). This DN (the -D option in ldapadd) is the person whose credentials I am authenticating with. So I think it is OK.
- ldapadd is working on the file prawa3.ldif (dn: olcDatabase={1}bdb,cn=config), so I think it is OK.


But on the other hand I have:

slapcat -n 0:

Code:

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: c4fb3292-e9ff-1036-892c-33ccc056f8a2
creatorsName: cn=config
createTimestamp: 20170620122854Z
entryCSN: 20170620122854.808017Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20170620122854Z

Thank you for the feedback.
