That makes sense to me, now that you've pointed it out.  Here's my
slapd.conf:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=domain,dc=com"
rootdn          "cn=root,dc=domain,dc=com"
rootpw                  {SSHA}IMAPASSWORD!
password-hash {SSHA}
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub






On Wed, Jul 7, 2010 at 5:48 PM, Tim Rice <[email protected]> wrote:

> On Wed, 7 Jul 2010, delpheye wrote:
>
> > Just realized I didn't reply to the list...
> >
> > LAM doesn't report any errors after login, and the root user is listed in
> > the Domain Admins group.  So far it and nobody are the only two users in
> > LDAP.
>
> The "Domain Admins group" really doesn't have anything to do with
> OpenLDAP allowing writes to the ldap database. You've got an LDAP
> issue not a LAM issue.
>
> Perhaps send your slapd.conf to the list so we can see what's going on.
> Be sure to sanitize the password.
>
> > Also, I'm running LAM 2.9.0 on CentOS 5.5.  I tried to install 3.0 and 3.1,
> > but there were pcre compatibility issues that I couldn't resolve.
> >
> > On Wed, Jul 7, 2010 at 12:54 PM, Roland Gruber <[email protected]> wrote:
> >
> > > On 07.07.2010 18:31, delpheye wrote:
> > > > Whenever I try to save a new user in LAM, it returns "Insufficient access."
> > > > The server logs say:
> > > >
> > > > ERROR: [uid=root,ou=Users,dc=domain,dc=com] Unable to create DN:
> > > > uid=testuser,ou=Users,dc=domain,dc=com (Insufficient access).
> > > >
> > > > However I can add users manually with smbldap-useradd.  I've looked at ldap
> > > > and LAM directory permissions and they're both correct (ldap and apache,
> > > > respectively).
> > >
> > > Insufficient access usually means that either the LDAP user that you use
> > > for LAM is not the admin or that you try to create entries in
> > > non-existing parts of the LDAP tree.
> > > Does LAM report any missing suffixes after login? Is "dc=domain,dc=com"
> > > your right LDAP suffix?
> > >
> > > - --
> > >
> > > Best regards
> > >
> > > Roland Gruber
>
> --
> Tim Rice                                Multitalents    (707) 887-1469
> [email protected]
>
>
>
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
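
The two causes Roland Gruber lists (the bind DN is not the admin, or the target lies outside the tree) can be checked against the slapd.conf and the LAM error quoted in this thread. The Python below is an added example, not part of the original messages or of LAM or OpenLDAP; the function names are hypothetical, the ACL matching is a simplified heuristic, and it assumes slapd's documented default of read-only access for everyone but rootdn when no access directives are present.

```python
import re

# Constructed inputs: suffix/rootdn from the slapd.conf above and the LAM error quoted in the thread.
SLAPD_CONF = '''suffix          "dc=domain,dc=com"
rootdn          "cn=root,dc=domain,dc=com"
'''
LAM_ERROR = ("ERROR: [uid=root,ou=Users,dc=domain,dc=com] Unable to create DN: "
             "uid=testuser,ou=Users,dc=domain,dc=com (Insufficient access).")

def norm_dn(dn):
    """Simplified DN normalisation: unquote, lower-case, trim each RDN (no escape handling)."""
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def parse_conf(text):
    """Collect suffix, rootdn and raw 'access' directives from slapd.conf text."""
    conf = {"suffix": None, "rootdn": None, "access": []}
    # A line that starts with whitespace continues the previous directive.
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("suffix", "rootdn"):
            conf[key] = norm_dn(value)
        elif key == "access":
            conf["access"].append(value.lower())
    return conf

def diagnose(conf_text, error_line):
    """Return the causes of 'Insufficient access' that the config and log line support."""
    conf = parse_conf(conf_text)
    m = re.search(r"\[(.+?)\] Unable to create DN:\s+(.+?) \(Insufficient access\)", error_line)
    if not m:
        raise ValueError("not a LAM 'Insufficient access' line")
    bind_dn, target_dn = norm_dn(m.group(1)), norm_dn(m.group(2))
    causes = []
    if target_dn != conf["suffix"] and not target_dn.endswith("," + str(conf["suffix"])):
        causes.append("target-outside-suffix")
    if bind_dn != conf["rootdn"]:
        # Heuristic: look for a by-clause naming this exact DN with write or manage.
        grant = re.compile(r'by\s+dn(?:\.\w+)?="?' + re.escape(bind_dn) + r'"?\s+(?:write|manage)\b')
        if not conf["access"]:
            # With no access directives slapd defaults to read-only for all but rootdn.
            causes.append("bind-dn-not-rootdn-default-acl-read-only")
        elif not any(grant.search(a) for a in conf["access"]):
            causes.append("bind-dn-not-rootdn-no-write-acl")
    return causes

print(diagnose(SLAPD_CONF, LAM_ERROR))
```

An empty list means neither cause is visible from the config and log line alone; it does not prove that the parent entry of the target DN exists in the directory.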
