Discussion:
Problems creating ldap users
Michael Mansour
2006-04-13 03:00:06 UTC
Hi,

I'm quite new to ldap and phpldapadmin, been working/learning this full-time
over the past few days.

Anyway.. I have a fully functional openldap server and have installed
phpldapadmin 0.9.8.2 and can view my trees. I have two databases configured on
the one ldap server.

However, when I try and create a "Custom" entry, using:

RDN: uid=testuser
Container: ou=People,dc=domain,dc=com

and select "account" and "uid" from the objectclasses, I get the following error:

Could not add the object to the LDAP server.

LDAP said: Insufficient access
Error number: 0x32 (LDAP_INSUFFICIENT_ACCESS)
Description: You do not have sufficient permissions to perform that operation.

This is weird as I'm doing this while logged in as my:

uid=root,ou=People,dc=domain,dc=com

account into phpldapadmin.

In /etc/openldap/slapd.conf I have:

database ldbm
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"

but note that looking at my "root" account within phpldapadmin, that also has:

cn=root
cn=Manager
uid=root

So it should work and have sufficient privileges.

Am I missing something here?

Thanks.

Michael.
Jürgen Schinker
2006-04-13 07:20:28 UTC
Post by Michael Mansour
Hi,
I'm quite new to ldap and phpldapadmin, been working/learning this
full-time over the past few days.
Anyway.. I have a fully functional openldap server and have installed
phpldapadmin 0.9.8.2 and can view my trees. I have two databases
configured on the one ldap server.
RDN: uid=testuser
Container: ou=People,dc=domain,dc=com
Could not add the object to the LDAP server.
LDAP said: Insufficient access
Error number: 0x32 (LDAP_INSUFFICIENT_ACCESS)
Description: You do not have sufficient permissions to perform that operation.
uid=root,ou=People,dc=domain,dc=com
account into phpldapadmin.
database ldbm
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
cn=root
cn=Manager
uid=root
So it should work and have sufficient privileges.
You should log in with this:

cn=Manager,dc=domain,dc=com

or create a rule similar to

access to *
    by self write
    by dn="uid=manager,ou=user,dc=schinx,dc=net" write
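
A fuller version of the rule suggested above, as an added example that is not part of the original thread. It assumes uid=root,ou=People,dc=domain,dc=com is the DN that should administer the tree through phpldapadmin, and it adds the auth and read clauses that ordinary binds and lookups depend on.

```conf
# /etc/openldap/slapd.conf (fragment). Added example, not from the thread.
# Assumption: uid=root,ou=People,dc=domain,dc=com is the administrative DN.

database ldbm
suffix "dc=domain,dc=com"

# The rootdn is compared with the DN used to bind and bypasses every ACL.
# An entry that only carries cn=Manager as an attribute value is not the rootdn.
rootdn "cn=Manager,dc=domain,dc=com"

# Evaluation order: slapd takes the first "access to" clause that matches the
# target and, inside it, the first "by" clause that matches the requester.
# Each clause ends with an implicit "by * none".
# The "by" lines must start with whitespace so they continue the directive.

# Passwords: the owner and the administrative DN may change them, anonymous
# clients may only use them to authenticate a simple bind, nobody else
# may see them. Older slapd releases spell the selector attr= instead of attrs=.
access to attrs=userPassword
    by self write
    by dn.exact="uid=root,ou=People,dc=domain,dc=com" write
    by anonymous auth
    by * none

# Everything else: the administrative DN may write, which covers adding
# entries under ou=People; owners may edit their own entry; others may read.
access to *
    by self write
    by dn.exact="uid=root,ou=People,dc=domain,dc=com" write
    by * read
```

slapd reads slapd.conf at startup, so restart it after changing the ACLs.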
