Granting access to authzTo attribute

Posted by bemace on Server Fault See other posts from Server Fault or by bemace
Published on 2011-02-08T18:44:37Z Indexed on 2011/02/08 23:27 UTC
Read the original article Hit count: 242

Filed under:

openldap

|

access-control

|

dynamic-configuration

|

proxied-authorization

I'm trying to grant certain accounts auth access to their authzTo attribute in order to allow proxied authorization.

I tried adding this ldif:

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to authzTo by dn.children="ou=Special Accounts,dc=example,dc=com" auth
-

using the command ldapadd -f perm.ldif -D "cn=admin,cn=config" -W

but got this error:

modifying entry "olcDatabase={-1}frontend,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
    additional info: <olcAccess> handler exited with 1

using verbose output and turning up the debug level haven't given me any more clues. Can anyone see what I'm doing wrong?

© Server Fault or respective owner

Related posts about openldap

Can't install new database in OpenLDAP 2.4 with BDB on Debian

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install an openldap server (slapd) on a Debian EC2 instance. I have followed all the instructions I can find, and am using the recommended slapd-config approach to configuration. It all seems to be just fine, except that for some reason it can't create my new database. ldap.conf.bak… >>> More
Installing openLDAP

as seen on Server Fault - Search for 'Server Fault'
I have followed installing openLDAP from http://www.openldap.org/doc/admin24/quickstart.html and follow the tasks up to # 9. when I run [ su root -c /usr/local/libexec/slapd ] it asks for password and after I type the password no indication of if server has been started or not. When I run [ ldapsearch… >>> More
Create Active Directory schema into OpenLDAP

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I need to store Active Directory Data into OpenLDAP and for that I want to create the Active Directory schema into OpenLDAP. How to do it? >>> More
OpenLDAP on windows

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I am looking for some way of implementing OpenLDAP on WindowsXP. Is this possible? If Yes thn please tell me how? >>> More
OpenLDAP and user role based accedss controll (RBAC)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, my company uses an openldap server which stores corporate user information ((username,passwd and some other information like email are stored in ldap).. Till now they only use it for authentication but now we'd like to use for authentication also, this means that we'll create roles (as ldap… >>> More

Related posts about access-control

LiteSpeed enable Access-Control-Allow-Origin (no response header on CORS request)

as seen on Server Fault - Search for 'Server Fault'
Seriously, I can't find a single page discussing this for litespeed. Using this format in the htaccess "Header set Access-Control-Allow-Origin http://aSite.com" (and https) sends the setting in the http response header, but I still get the "XMLHttpRequest cannot load https://aSite.com/aFile.php.… >>> More
DELETE method not working in Apache 2.4

as seen on Server Fault - Search for 'Server Fault'
I'm running Apache 2.4 locally and dealing with RESTful services authenticating through OAuth. GET, PUT and POST work fine but I can't get DELETE to work. I've tried installing WebDAV and mod_dav, overriding methods in .htaccess, tried Limits, force (enable) DELETE options in configuration and pretty… >>> More
CORS Fails on CloudFront Distribution with Nginx Origin

as seen on Server Fault - Search for 'Server Fault'
I have a CloudFront distribution set up with an Nginx server as the origin (a Media Temple DV server, to be specific). I enabled the Access-Control-Allow-Origin: * header so fonts will work in Firefox. However, Firefox throws a CORS error for fonts loaded from this CloudFront/Nginx distribution. I… >>> More
My MS Access control displays no text for appended items following an append query

as seen on Stack Overflow - Search for 'Stack Overflow'
The control in question is part of a datasheet-style subform that feeds off a multi-field combo-box. The control is bound to the first field of the combo box, an ID field which is hidden from view (column width set to zero). Consequently, the second field (Code) is displayed in the control when an… >>> More
ASP.NET and WIF: Showing custom profile username as User.Identity.Name

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I am building ASP.NET MVC application that uses external services to authenticate users. For ASP.NET users are fully authenticated when they are redirected back from external service. In system they are logically authenticated when they have created user profiles. In this posting I will show you how… >>> More