Cyril, do your logs provide any additional insight on the error? Can you increase the log level to see what may be causing the error? Are you performing any other operations that would modify the response? Do you create the object and modify a group immediately after? Are there any attributes missing from the final object?
Don -----Original Message----- From: Cyril Cheneson [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 06, 2008 8:12 AM To: perl-ldap@perl.org Subject: Net::Ldap and successful creation of user despite an "insufficient access" error Hi all, I m using Net::LDAP to connect to a LDAP server and create/modify users. I have a predefined LDAP user I m using to bind with and then create/modify accounts. My slapd.conf has the following: access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=mydomain,dc=com" write by dn="uid=cyril,ou=People,dc=mydomain,dc=com" write by anonymous auth by self write by * none access to dn.base="" by * read # The admin dn has full write access, everyone else # can read everything. access to * by dn="cn=admin,dc=mydomain,dc=com" write by dn="uid=cyril,ou=People,dc=mydomain,dc=com" write by * read So if I understood well, the dn "uid=cyril,ou=People,dc=mydomain,dc=com" has write access(and there for delete, and read) to everything, just like the admin. But when I try to create a user (being binded with "uid=cyril,ou=People,dc=mydomain,dc=com"), I got an "insufficient access" error (50) from Net::LDAP (from $resp->error and $resp->code )but the user is created. Has anyone seen this behavior as well? Should I rely on another value to check if the action has been performed successfully? I have also tried with the LDAP admin account and no error has been thrown. Thanks for your help Cyril -- ---------------------------------- Cyril "We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris." -- Larry Wall, creator of the Perl programming language
