Code Comments

RE: Net::Ldap and successful creation of user despite an "insufficient access" error
Cyril, do your logs provide any additional insight on the error?  Can
you increase the log level to see what may be causing the error?  Are
you performing any other operations that would modify the response?  Do
you create the object and modify a group immediately after?  Are there
any attributes missing from the final object?

Don

-----Original Message-----
From: Cyril Cheneson [mailto:ccheneson@gmail.com]
Sent: Tuesday, May 06, 2008 8:12 AM
To: perl-ldap@perl.org
Subject: Net::Ldap and successful creation of user despite an
"insufficient access" error

Hi all,

I'm using Net::LDAP to connect to an LDAP server and create/modify users.
I have a predefined LDAP user I'm using to bind with and then
create/modify accounts.
My slapd.conf has the following:

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=com" write
        by dn=" uid=cyril,ou=People,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=mydomain,dc=com" write
        by dn=" uid=cyril,ou=People,dc=mydomain,dc=com" write
        by * read


So if I understood well, the dn
" uid=cyril,ou=People,dc=mydomain,dc=com" has write access (and
therefore delete, and read) to everything, just like the admin.

But when I try to create a user (being bound as
" uid=cyril,ou=People,dc=mydomain,dc=com"), I got an "insufficient
access" error (50) from Net::LDAP (from $resp->error and $resp->code)
but the user is created.

Has anyone seen this behavior as well?

Should I rely on another value to check if the action has been
performed successfully?

I have also tried with the LDAP admin account and no error has been
thrown.

Thanks for your help

Cyril
--
----------------------------------
Cyril

"We will encourage you to develop the three great virtues of a
programmer:
laziness, impatience, and hubris."
-- Larry Wall, creator of the Perl programming language

Miller, Don C.
05-07-08 12:44 AM
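
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how slapd picks the first matching "access to" rule and then the first matching "by" clause, applied to the rules quoted above to check the reading that the uid=cyril DN has write access everywhere. It assumes "by dn=" is an exact match after trimming and lowercasing, and the uid=newuser and uid=bob DNs are constructed samples.

```python
# Simplified model of slapd.conf access evaluation (added example, not OpenLDAP code).
# Assumptions: "by dn=" is an exact match after trim/lowercase; no regex, groups or sets.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

ADMIN = "cn=admin,dc=mydomain,dc=com"
CYRIL = "uid=cyril,ou=People,dc=mydomain,dc=com"

# Rules in file order: (what, [(who, level), ...]), transcribed from the posted slapd.conf.
RULES = [
    ({"attrs": {"userpassword", "shadowlastchange"}},
     [(ADMIN, "write"), (CYRIL, "write"), ("anonymous", "auth"),
      ("self", "write"), ("*", "none")]),
    ({"dn_base": ""}, [("*", "read")]),
    ({"any": True}, [(ADMIN, "write"), (CYRIL, "write"), ("*", "read")]),
]

def norm(dn):
    return dn.strip().lower() if dn is not None else None

def what_matches(what, target_dn, attr):
    if "attrs" in what:
        return attr.lower() in what["attrs"]
    if "dn_base" in what:
        return norm(target_dn) == norm(what["dn_base"])
    return True  # "access to *"

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and norm(bind_dn) == norm(target_dn)
    return bind_dn is not None and norm(bind_dn) == norm(who)

def effective_access(bind_dn, target_dn, attr):
    """First matching 'access to' rule wins; inside it, first matching 'by' wins."""
    for what, by_clauses in RULES:
        if what_matches(what, target_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, target_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # no rule matched the target

def allowed(bind_dn, target_dn, attr, wanted):
    got = effective_access(bind_dn, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)
```

On a host with OpenLDAP installed, the slapacl tool performs this evaluation against the real slapd.conf rather than a model.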

All times are GMT.