Granting access to authzTo attribute

Posted by bemace on Server Fault See other posts from Server Fault or by bemace
Published on 2011-02-08T18:44:37Z Indexed on 2011/02/08 23:27 UTC
Read the original article Hit count: 246

I'm trying to grant certain accounts auth access to their authzTo attribute in order to allow proxied authorization.

I tried adding this ldif:

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to authzTo by dn.children="ou=Special Accounts,dc=example,dc=com" auth
-

using the command ldapadd -f perm.ldif -D "cn=admin,cn=config" -W

but got this error:

modifying entry "olcDatabase={-1}frontend,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
    additional info: <olcAccess> handler exited with 1

using verbose output and turning up the debug level haven't given me any more clues. Can anyone see what I'm doing wrong?

© Server Fault or respective owner

Related posts about openldap

Related posts about access-control