Hello Christian, Thanks for the pointer. I followed your suggestion and it worked on the provider server.
However the customer server is still throwing the same error. Even though i used the a root unix user. Below is the config on the customer side: http://pastebin.com/9zanEh8c sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_sync_consumer.ldif modifying entry "cn=config" ldap_modify: Insufficient access (50) Thanks again Cheers! On Tue, Mar 11, 2014 at 1:28 PM, Christian Kratzer <[email protected]>wrote: > Hi, > > On Tue, 11 Mar 2014, Seun Ojedeji wrote: > > Hello thanks for your response, >> >> On Tue, Mar 11, 2014 at 11:01 AM, Christian Kratzer <[email protected] >> >wrote: >> >> Hi, >>> >>> >>> On Tue, 11 Mar 2014, Seun Ojedeji wrote: >>> How do i fix the insuffient access problem? I am using the admin that has >>> full write access on ldap. >>> >> <snipp/> > > Its a fresh ldap setup and i only have one admin user created (with on >> personal user) here is the script i used in setting up ldap: >> http://pastebin.com/JagCtptS >> > > your acl for cn=config is as follows: > > dn: olcDatabase={0}config,cn=config > objectClass: olcDatabaseConfig > olcDatabase: {0}config > olcAccess: {0}to * by > dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth > manage by * break > > This only allows the unix root user to manage cn=config. > > The admin user you are using is for managing access to the main directory. > > To manage cn=config in this setup you should use > > ldapadd -Y EXTERNAL -H ldapi:/// > ldapmodify -Y EXTERNAL -H ldapi:/// > > > 1. your openldap version >>> >>> >> openldap-2.4.28 >> > > > Do yourself a favor and upgrade to 2.4.39 before starting with any serious > openldap work. > > You can get upto date rpm and deb packages from > http://ltb-project.org/wiki/ > > Greetings > Christian > > > > >> >> >>> 2. your full configuration (preferably on pastebin oder such) >>> >>> >> Use slapcat -n0 to extract the config >> >>> >>> http://pastebin.com/U6SmeFNC >>> >> >> Thanks again for helping out >> >> >>> Greetings >>> Christian >>> >>> -- >>> Christian Kratzer CK Software GmbH >>> Email: [email protected] Wildberger Weg 24/2 >>> Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden >>> Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart >>> Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer >>> Web: http://www.cksoft.de/ >>> >>> >> >> >> >> > -- > Christian Kratzer CK Software GmbH > Email: [email protected] Wildberger Weg 24/2 > Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden > Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart > Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer > Web: http://www.cksoft.de/ > -- ------------------------------------------------------------------------ *Seun Ojedeji,Federal University Oye-Ekitiweb: http://www.fuoye.edu.ng <http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email: <http://goog_1872880453>[email protected] <[email protected]>*
