| Cyril Cheneson 2008-05-06, 7:44 pm |
| Hi all,
I m using Net::LDAP to connect to a LDAP server and create/modify users.
I have a predefined LDAP user I m using to bind with and then
create/modify accounts.
My slapd.conf has the following:
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=mydomain,dc=com" write
by dn="uid=cyril,ou=People,dc=mydomain,dc=com" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=mydomain,dc=com" write
by dn="uid=cyril,ou=People,dc=mydomain,dc=com" write
by * read
So if I understood well, the dn
"uid=cyril,ou=People,dc=mydomain,dc=com" has write access(and there
for delete, and read)
to everything, just like the admin.
But when I try to create a user (being binded with
"uid=cyril,ou=People,dc=mydomain,dc=com"), I got an "insufficient
access" error (50) from Net::LDAP (from $resp->error and $resp->code
)but the user is created.
Has anyone seen this behavior as well?
Should I rely on another value to check if the action has been
performed successfully?
I have also tried with the LDAP admin account and no error has been thrown.
Thanks for your help
Cyril
--
----------------------------------
Cyril
"We will encourage you to develop the three great virtues of a programmer:
laziness, impatience, and hubris."
-- Larry Wall, creator of the Perl programming language
|