Hello
It's the first post I'm writing but I've reached this point
reading a lot of the posts, so first of all I want to thank all of you
for such a great job.
OK, now to my problem:
I've created my LDAP system for testing and it works fine. For easier
use I downloaded and installed ApacheDS (after having set up the entire
system). I created the connection and it works. Up to this point it is
great. Then I decided to add some ACLs to my slapd.conf.
In the beginning I had the simple one:
    access to *
        by * read
This one worked fine: I can log in with any user and read the whole tree.
So I #commented this one and tried another one:
    access to dn.subtree="ou=Bahamas,ou=Users,dc=test,dc=com"
        by dn.exact="cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" write
It's meant to allow Ken Roberts to modify, add or delete entries but only
under "ou=Bahamas,ou=Users,dc=test,dc=com" (hope this is correct). But
when I try to log in as
"cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" in ApacheDS I can't
(Error message: Invalid credentials). It only lets me log in as
"cn=Manager,dc=test,dc=com" (set in slapd.conf as the root DN).
I decided to try with another ACL:
    access to *
        by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write
It's meant to allow all users under "ou=Admin,ou=Users,dc=test,dc=com" to
modify, add or delete entries anywhere in the tree. But the same
happens: when I try to log in as
"cn=MR Administrator,ou=Admin,ou=Users,dc=test,dc=com" in ApacheDS I can't
(same error as above). Can only log in as "cn=Manager,dc=test,dc=com".
I have no idea about what to do so, if anyone can help me with this I'd be
really grateful.
Regards
Juan Jose Aragones
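
The following slapd.conf fragment is an added example, not part of the original post: it shows the two rule sets above extended so that a simple bind can still be checked. The DNs are the ones from the post; the userPassword clause, the clause order and the "by * read" fallbacks are assumptions about the intended policy.

```conf
# Added example, not the poster's configuration.
#
# slapd applies the first "access to" clause that matches the target and,
# inside it, the first "by" that matches the requester. Every clause ends
# with an implicit "by * none", and an implicit "access to * by * none"
# follows the last clause. A simple bind is evaluated as an anonymous
# requester that needs "auth" access to userPassword on the entry being
# bound. A rule set that names only the writers therefore rejects every
# bind with "Invalid credentials", except the rootdn, which is never
# subject to ACLs.

# 1. Let slapd verify passwords without making the hashes readable.
access to attrs=userPassword
    by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write
    by self write
    by anonymous auth
    by * none

# 2. Ken Roberts may write under ou=Bahamas; others keep read access.
#    Clause 1 comes first, so his write access does not extend to other
#    users' passwords.
access to dn.subtree="ou=Bahamas,ou=Users,dc=test,dc=com"
    by dn.exact="cn=Ken Roberts,ou=Bahamas,ou=Users,dc=test,dc=com" write
    by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write
    by * read

# 3. Everything else: the Admin users write, everyone else reads
#    (the same read access the original "by * read" rule gave).
access to *
    by dn.children="ou=Admin,ou=Users,dc=test,dc=com" write
    by * read
```

slapd reads slapd.conf at startup, so it has to be restarted before the new clauses take effect.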