Am Sat, 28 Dec 2013 20:48:45 +0500 schrieb Umar Draz <[email protected]>:
> HI Dieter, > > I am already doing this, using php > > ldap_rename() > > with admin user I can easily change the RDN e.g. > > cn=Umar Draz,ou=accounts,dc=mydomain,dc=com > > But if I try with Umar Draz user's login then then the user unable to > change the (dn) e.g I want to change the old cn with new one. > > cn=Umar Draz Khan,ou=accounts,dc=mydomain,dc=com. > > So i must sure there is something missing in slapd.conf regarding > access policy. rootdn is not an object do any access rule, rootdn is 'root'! As I mentioned already, as user you must have write access to the parent entry. -Dieter > > On Sat, Dec 28, 2013 at 1:58 PM, Dieter Klünter <[email protected]> > wrote: > > > Am Sat, 28 Dec 2013 07:21:59 +0000 > > schrieb Umar Draz <[email protected]>: > > > > > Hi > > > > > > I am trying to rename the (dn) entry through a normal user which > > > is first authenticate it self, but I there is an error while > > > renaming the dn entry > > > > > > text=no write access to old parent's children > > > > > > here is my slapd.conf access settings. > > > > > > # Sample access control policy: > > > access to attrs=userPassword,shadowLastChange > > > by self write > > > by dn="cn=admin,dc=mydomain,dc=com" write > > > by * auth > > > > > > access to * > > > by self write > > > by dn="cn=admin,dc=mydom,dc=com" write > > > by * read > > > > > > Would you please help, what I need to set? > > > > The last rule allows write operations on one's own entry, but in > > order to modify a RDN write operations on a parent entry is > > required, see ldapmodrdn(1) for more information. > > > > -Dieter > > > > -- > > Dieter Klünter | Systemberatung > > http://dkluenter.de > > GPG Key ID:DA147B05 > > 53°37'09,95"N > > 10°08'02,42"E > > > > > > -- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E
