Dan,
I followed the instructions to update my config file but I still get the
same error. I used the debug option as well, but there was no obvious
error message other than:
----
** ld 0x7f3c527864b0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f3c527864b0 request count 1 (abandoned 0)
** ld 0x7f3c527864b0 Response Queue:
Empty
ld 0x7f3c527864b0 response count 0
ldap_chkResponseList ld 0x7f3c527864b0 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f3c527864b0 NULL
ldap_int_select
read1msg: ld 0x7f3c527864b0 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 37 contents:
read1msg: ld 0x7f3c527864b0 msgid 2 message type add
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f3c527864b0 0 new referrals
read1msg: mark request completed, ld 0x7f3c527864b0 msgid 2
request done: ld 0x7f3c527864b0 msgid 2
res_errno: 50, res_error: <no write access to parent>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_add: Insufficient access (50)
additional info: no write access to parent
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed
---
Any hints I can figure out what's set wrong?
Thanks
Ali
On 02/07/2014 03:17 PM, Dan White wrote:
On 02/07/14 14:39 +0100, Ali Gholami wrote:
Thanks Vikas for the reply.
I removed the line to point to the "slapd.conf" and now I could run
the service. But I get another error when I try to add structure of
the entries using:
----
$sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f structure.ldif:
This is likely performing SASL EXTERNAL peercred authentication, rather
than the EXTERNAL TLS authentication you intended below.
adding new entry "dc=x,dc=y"
ldap_add: Insufficient access (50)
additional info: no write access to parent
----
I've created the ".ldaprc" in my home directory which defines the
X.509 certificates of the LDAP server, and I've added the subject of
the host certificate in the "slapd.conf":
----
access to *
by dn="cn=admin,dc=x,dc=y" write
by dn="cn=allowed host,dc=x,dc=y" read
by * none
authz-regexp CN=ldap.biobankcloud.eu,O=BBC
        "cn=admin,dc=biobankcloud,dc=org"
database bdb
suffix "dc=x,dc=y"
rootdn "cn=admin,dc=x,dc=y"
rootpw {SSHA}blabla...
----
Is there anything else that I should set, or is something broken?
Do:
sudo ldapwhoami -Y EXTERNAL -H ldapi:///
to obtain your resolved authentication identity, and create an appropriate
authz-regexp rule that maps that identity to your desired user, e.g.:
authz-regexp
        "uidNumber=0,cn=peercred,cn=external,cn=auth"
        "cn=admin,dc=biobankcloud,dc=org"
See: http://www.openldap.org/doc/admin24/sasl.html
--
Dan White
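The following is an added example, not part of the thread or of OpenLDAP itself. It automates the step Dan describes: take the identity that `ldapwhoami -Y EXTERNAL -H ldapi:///` prints (a `dn:...` line) and turn it into an `authz-regexp` directive for slapd.conf whose regex matches that identity literally. The sample identity is constructed from the `gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth` form the OpenLDAP admin guide documents for ldapi:// peercred authentication; the admin DN `cn=admin,dc=x,dc=y` is the thread's placeholder. It also checks, with `grep -E`, that the generated pattern matches the peercred identity and does not match a TLS subject identity, which is the mismatch Dan points out. Assumptions: the check treats the regex as case-insensitive (`grep -Ei`), a simplification of how slapd evaluates the rule; verify against your own `ldapwhoami` output.

```shell
#!/bin/sh
# Added example (not from the thread): build an authz-regexp directive
# from the identity printed by:  sudo ldapwhoami -Y EXTERNAL -H ldapi:///

# Escape ERE metacharacters so the identity is matched literally.
# '+' matters here: the peercred identity contains "gidNumber=0+uidNumber=0".
regex_escape() {
    printf '%s' "$1" | sed 's/[][\\.*^$+?(){}|]/\\&/g'
}

# identity_regex IDENTITY
# IDENTITY is the ldapwhoami output, with or without the leading "dn:".
# Prints an anchored regex that matches exactly that identity.
identity_regex() {
    ident=${1#dn:}
    printf '^%s$' "$(regex_escape "$ident")"
}

# build_authz_regexp IDENTITY TARGET_DN
# Prints a slapd.conf authz-regexp directive mapping IDENTITY to TARGET_DN.
build_authz_regexp() {
    printf 'authz-regexp\n    "%s"\n    "%s"\n' "$(identity_regex "$1")" "$2"
}

# authz_matches REGEX IDENTITY
# Returns 0 if IDENTITY matches REGEX (case-insensitive: an assumption
# about slapd's matching, check your version), 1 otherwise.
authz_matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# Constructed sample input, in the form the OpenLDAP admin guide documents
# for ldapi:// peercred authentication (root, uid 0 / gid 0).
SAMPLE_PEERCRED='dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'
# Constructed TLS-client-cert identity, modelled on the subject in the thread.
SAMPLE_TLS_SUBJECT='cn=ldap.biobankcloud.eu,o=bbc'
ADMIN_DN='cn=admin,dc=x,dc=y'

build_authz_regexp "$SAMPLE_PEERCRED" "$ADMIN_DN"

pattern=$(identity_regex "$SAMPLE_PEERCRED")
if authz_matches "$pattern" "$SAMPLE_PEERCRED"; then
    echo "peercred identity matches the generated rule"
fi
if ! authz_matches "$pattern" "$SAMPLE_TLS_SUBJECT"; then
    echo "TLS subject identity does NOT match it: it needs its own authz-regexp"
fi
```

Paste the printed directive into slapd.conf (before the database section, alongside any rule for the TLS subject), restart slapd, and re-run `ldapwhoami -Y EXTERNAL -H ldapi:///`: it should now report the admin DN rather than the raw peercred identity, after which `ldapadd -Q -Y EXTERNAL -H ldapi:///` is authorized by the `by dn="cn=admin,..." write` access clause.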