Subject: RE: Net::Ldap and successful creation of user despite an "insufficient access"
Author: Miller, Don C.

2008-05-06, 7:44 pm

Cyril, do your logs provide any additional insight on the error? Can
you increase the log level to see what may be causing the error? Are
you performing any other operations that would modify the response? Do
you create the object and modify a group immediately after? Are there
any attributes missing from the final object?

Don

-----Original Message-----
From: Cyril Cheneson [mailto:ccheneson@gmail.com]
Sent: Tuesday, May 06, 2008 8:12 AM
To: perl-ldap@perl.org
Subject: Net::Ldap and successful creation of user despite an
"insufficient access" error

Hi all,

I'm using Net::LDAP to connect to an LDAP server and create/modify users.
I have a predefined LDAP user I'm using to bind with and then
create/modify accounts.
My slapd.conf has the following:

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=com" write
        by dn=" uid=cyril,ou=People,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=mydomain,dc=com" write
        by dn=" uid=cyril,ou=People,dc=mydomain,dc=com" write
        by * read


So if I understood well, the dn
" uid=cyril,ou=People,dc=mydomain,dc=com" has write access (and
therefore delete, and read) to everything, just like the admin.

But when I try to create a user (being bound with
" uid=cyril,ou=People,dc=mydomain,dc=com"), I get an "insufficient
access" error (50) from Net::LDAP (from $resp->error and $resp->code),
but the user is created.

Has anyone seen this behavior as well?

Should I rely on another value to check if the action has been
performed successfully?

I have also tried with the LDAP admin account and no error has been
thrown.

Thanks for your help

Cyril
--
----------------------------------
Cyril

"We will encourage you to develop the three great virtues of a
programmer:
laziness, impatience, and hubris."
-- Larry Wall, creator of the Perl programming language
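
Added example, not part of the original messages and not code from either poster: a Perl script that carries out the checks Don asks about, reporting each operation's result under its own label and reading the new entry back to list any missing attributes. The LDAP_URI and LDAP_PW environment variables, the jdoe entry and the staff group are assumptions made for illustration; only the bind DN comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name);

# Assumptions: server URI, password source, the new entry and the group
# are hypothetical; only the bind DN is taken from the thread.
my $uri     = $ENV{LDAP_URI} // 'ldap://localhost';
my $pw      = $ENV{LDAP_PW}  // die "set LDAP_PW\n";
my $bind_dn = 'uid=cyril,ou=People,dc=mydomain,dc=com';
my $user_dn = 'uid=jdoe,ou=People,dc=mydomain,dc=com';
my $grp_dn  = 'cn=staff,ou=Group,dc=mydomain,dc=com';
my %want = (
    objectClass   => [qw(inetOrgPerson posixAccount)],
    uid => 'jdoe', cn => 'John Doe', sn => 'Doe',
    uidNumber => 5001, gidNumber => 5001,
    homeDirectory => '/home/jdoe',
);

# Print one operation's result under its own label, so that a code 50 is
# tied to the request that actually produced it.
sub report {
    my ($step, $mesg) = @_;
    printf "%-13s code=%d (%s) %s\n", $step, $mesg->code,
        ldap_error_name($mesg), $mesg->code ? $mesg->error : '';
    return $mesg->code == 0;
}

my $ldap = Net::LDAP->new($uri) or die "connect: $@";
report('bind', $ldap->bind($bind_dn, password => $pw)) or exit 1;

# Keep the add and the group change as two requests with two result objects.
my $added   = report('add user', $ldap->add($user_dn, attrs => [%want]));
my $grouped = report('modify group',
    $ldap->modify($grp_dn, add => { memberUid => 'jdoe' }));

# Read the entry back (base scope) and list requested attributes that are absent.
my $res = $ldap->search(base => $user_dn, scope => 'base',
                        filter => '(objectClass=*)');
if (report('read back', $res) && $res->count == 1) {
    my $entry   = $res->entry(0);
    my @missing = grep { !$entry->exists($_) } sort keys %want;
    print @missing ? "missing: @missing\n" : "all requested attributes present\n";
}
$ldap->unbind;
exit(($added && $grouped) ? 0 : 1);
```

Running it with the slapd log level raised lets each printed line be matched against the corresponding request in the server log.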