directory-users mailing list archives

From Juan José Aragonés <>
Subject openLDAP, ApacheDS and ACL's
Date Wed, 02 Mar 2011 13:27:02 GMT


It's the first post I'm writing but I've reached this point reading a lot of the posts, so first of all I want to thank all of you for such a great job.
OK, now to my problem:
I've created my LDAP system for testing and it works fine. For an easier use I downloaded and installed ApacheDS (after having set up the entire system). I created the connection and it works. Up to this point it's great. Then I decided to add some ACLs to my slapd.conf.
In the beginning I had the simple one:

access to *
    by * read

This one worked fine: can log in with any user and read the whole tree. So I #commented this
one and tried another one:

access to dn.subtree="ou=Bahamas,ou=Users,dc=test,dc=com"
   by dn.exact="cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" write

meant to allow Ken Roberts to modify, add or delete entries but only under "ou=Bahamas,ou=Users,dc=test,dc=com" (hope this is correct). But when I try to log in as "cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" in ApacheDS I can't (Error message: Invalid credentials). It only lets me log in as "cn=Manager,dc=test,dc=com" (set in slapd.conf as the root DN).
I decided to try with another ACL:

access to *
   by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write

meant to allow all users under "ou=Admin,ou=Users,dc=test,dc=com" to modify, add or delete entries anywhere in the tree. But the same happens: when I try to log in as "cn=MR Administrator,ou=Admin,ou=Users,dc=test,dc=com" in ApacheDS I can't (same error as above). I can only log in as "cn=Manager,dc=test,dc=com".

I have no idea about what to do so, if anyone can help me with this I'd be really grateful.


Juan Jose Aragones
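What the two failing binds have in common, shown as an added slapd.conf fragment that is not part of the message above: a simple bind is checked while the connection is still anonymous and needs "auth" access to the entry's userPassword attribute, but an access directive whose "by" clauses match nobody ends in an implicit "by * none", so anonymous gets nothing and the bind fails with "Invalid credentials" (the rootdn bypasses ACLs, which is why cn=Manager still works). The DNs are the ones from the message; the "by users read" clauses are an assumption about the intended policy.

```conf
# Added example (not from the original message). Ordering matters: the first
# "access to" whose <what> matches the target entry/attribute is the one
# evaluated, and an unmatched "by" list falls through to an implicit "by * none".

# 1. Passwords first. The owner may change their own, anonymous may only use it
#    to authenticate (the bind itself), and nobody else can read or compare it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Ken Roberts may add, modify and delete under ou=Bahamas; other
#    authenticated users may read it (assumption: drop "by users read" if
#    the subtree must stay private to him).
access to dn.subtree="ou=Bahamas,ou=Users,dc=test,dc=com"
    by dn.exact="cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" write
    by users read

# 3. Everything else: any entry below ou=Admin (dn.children = all descendants)
#    gets write anywhere in the tree, other authenticated users get read.
#    Anonymous still falls through to "by * none" here, which is the intended
#    result now that the bind is handled by directive 1.
access to *
    by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write
    by users read
```

With only the original second or third directive in place, the same bind would be denied because neither grants anonymous "auth" on userPassword; putting the attrs=userPassword directive before any broader "access to *" is what makes it take effect.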