On Wed, 18 Mar 2015 23:28:35 +0200, Igor Shmukler <[email protected]> wrote:
> Hello,
>
> I have been spamming this list, looking for insights into why I cannot
> configure OpenLDAP to use cn=config to delete an entry inside a DIT.
> Sorry.
>
> Just now thought of and conducted another experiment. The results
> surprised me. If someone can please explain why OpenLDAP behaves this
> way, and whether this can be altered through configuration, it would
> certainly get me further on my way.
>
> When I try to delete an entry using LDAPI as below:
> $ sudo ldapdelete -Y external -H ldapi:/// cn=john,dc=directory,dc=com
> ldap_delete: Insufficient access (50)
> additional info: no write access to parent
>
> I do the same using domain administrator credentials and below and it
> works fine:
> $ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x
> cn=john,dc=directory,dc=com
>
> Why LDAPI does not work? What can be done?

Probably because of insufficient authz-regexp?
What is the result of

ldapwhoami -Y EXTERNAL -H ldapi:///
or
sudo ldapwhoami -Y EXTERNAL -H ldapi:///

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
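
An added example, not part of either message above: an LDAP delete needs write access to the parent's children, which is what "no write access to parent" reports, so the identity that SASL EXTERNAL yields over ldapi:/// must either be mapped by authz-regexp to a DN that has that right or be granted it directly in the data database's ACL. The LDIF below shows the second option, as an alternative to the authz-regexp mapping the reply suggests. It assumes the data database is olcDatabase={1}mdb,cn=config (a hypothetical name) and that the ldapwhoami call run under sudo reports the root peercred DN used here.

```ldif
# Added example, not from the thread.
# Assumptions: the database DN below is hypothetical (list the real one with
# ldapsearch against cn=config), and the peercred DN is what
# "sudo ldapwhoami -Y EXTERNAL -H ldapi:///" prints for local root.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
# {0} inserts the rule ahead of the existing ACLs; "by * break" lets every
# other identity fall through to the rules that were already in place.
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
```

This gives local root on the server full control of every entry in that database, so access to the ldapi socket and to sudo becomes equivalent to holding the directory administrator's password.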
