[ldapvi] ldapvi - How to edit acl-entries within the cn=config backend
Ulrich Spoerlein
uspoerlein at gmail.com
Fri May 21 21:01:57 CEST 2010
On Thu, 20.05.2010 at 19:05:19 +0200, Axel Birndt wrote:
> Hi Dimitriy,
>
> now i have done a new test
>
>
> ab at ubuntunb:/etc/ldap$ ldapsearch -xWD cn=admin,dc=2axels-company,dc=de
> -H ldap://localhost -LLLs one -b 'cn=config' ''
> Enter LDAP Password:
> No such object (32)
>
> and the log output:
>
>
> May 20 19:02:11 localhost slapd[11996]: conn=10 fd=16 ACCEPT from
> IP=[::1]:33001 (IP=[::]:389)
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=0 BIND
> dn="cn=admin,dc=2axels-company,dc=de" method=128
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=0 BIND
> dn="cn=admin,dc=2axels-company,dc=de" mech=SIMPLE ssf=0
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=0 RESULT tag=97 err=0
> text=
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=1 SRCH
> base="cn=config" scope=1 deref=0 filter="(objectClass=*)"
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=1 SEARCH RESULT
> tag=101 err=32 nentries=0 text=
> May 20 19:02:11 localhost slapd[11996]: conn=10 op=2 UNBIND
> May 20 19:02:11 localhost slapd[11996]: conn=10 fd=16 closed
This looks like a permission denied problem. NB the admin account for
dc=2axels-company,dc=de does not necessarly have read/write access for
the cn=config tree. This must usually be done by cn=admin,cn=config
This is how I do it:
ldapvi -D cn=admin,cn=config -b cn=config
Regards,
Uli
More information about the ldapvi
mailing list