I would like to add additional db's to my LDAP
server but am having permission problems.
My slapd.conf file has the following:
----------------------------------------------------
database bdb
suffix "dc=domainA,dc=com"
directory "/var/lib/ldap"
index objectClass eq
lastmod on
access to attribute=userPassword
    by dn="cn=admin,dc=domainA,dc=com" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=admin,dc=domainA,dc=com" write
    by * read

database bdb
suffix "dc=domainB,dc=com"
directory "/var/lib/ldap"
index objectClass eq
lastmod on
access to attribute=userPassword
    by dn="cn=admin,dc=domainA,dc=com" write
    by anonymous auth
    by self write
    by * none
access to *
    by dn="cn=admin,dc=domainA,dc=com" write
    by * read
-----------------------------------------------------
When I try to add the following with the command
'ldapadd -x -D "cn=admin,dc=domainA,dc=com" -W -f domainB.ldif'

dn: dc=domainB,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: domainB.com
dc: domainB

dn: ou=Addressbook,dc=domainB,dc=com
ou: Addressbook
objectClass: organizationalUnit

dn: cn=user1 last,ou=Addressbook,dc=domainB,dc=com
objectclass: inetOrgPerson
cn: user1 last
sn: last
telephoneNumber: 123.4567
mail: them@theiraddress
ou: Their LLC
mobile: xxx-xxxx
-----------------------------------------
I get the following error:
Enter LDAP Password:
adding new entry "dc=domainB,dc=com"
ldapadd: update failed: dc=domainB,dc=com
ldap_add: Insufficient access (50)
The password works for domainA (I just updated all 2,000 entries).
Anyone want to help me out here? I never really have understood the permissions
set up in my slapd.conf file.
Do I need a separate admin dn for each domain? If so, how do I initially
add it?
v/r
-mike
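
An added example, not part of the original post: a small Python audit of slapd.conf database sections like the two shown above. Per suffix it reports a `directory` used by more than one database (slapd-bdb(5) requires a separate directory for each database), a missing `rootdn` (the identity exempt from access controls on that database), and ACL `by dn=` clauses naming a DN outside the database's own suffix. The function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: trimmed copy of the post's two database sections.
SAMPLE = """\
database bdb
suffix "dc=domainA,dc=com"
directory "/var/lib/ldap"
access to *
  by dn="cn=admin,dc=domainA,dc=com" write
database bdb
suffix "dc=domainB,dc=com"
directory "/var/lib/ldap"
access to *
  by dn="cn=admin,dc=domainA,dc=com" write
"""

def parse_databases(text):
    """Return one dict per 'database' section of slapd.conf text."""
    dbs = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, arg = (line.split(None, 1) + [""])[:2]
        key = key.lower()  # directive names are case-insensitive
        if key == "database":
            dbs.append({"suffix": "", "directory": "", "rootdn": None, "acl_dns": set()})
        elif dbs and key in ("suffix", "directory", "rootdn"):
            dbs[-1][key] = arg.strip().strip('"')
        elif dbs and key == "by":  # collect DNs named in ACL "by" clauses
            dbs[-1]["acl_dns"].update(re.findall(r'^dn(?:\.\w+)?="([^"]*)"', arg.strip()))
    return dbs

def audit(dbs):
    """Return (suffix, finding) pairs; DN comparison is a plain string match."""
    findings = []
    dir_use = Counter(d["directory"] for d in dbs)
    for d in dbs:
        sfx = d["suffix"].lower()
        if d["directory"] and dir_use[d["directory"]] > 1:
            findings.append((d["suffix"], "directory shared with another database"))
        if d["rootdn"] is None:
            findings.append((d["suffix"], "no rootdn (no ACL-exempt identity)"))
        for dn in sorted(d["acl_dns"]):
            if dn.lower() != sfx and not dn.lower().endswith("," + sfx):
                findings.append((d["suffix"], "ACL names DN outside suffix: " + dn))
    return findings

print(*audit(parse_databases(SAMPLE)), sep="\n")
```

To audit a real file, pass its contents to `parse_databases()` in place of `SAMPLE`.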