Granting access to authzTo attribute
- by bemace
I'm trying to grant certain accounts auth access to their authzTo attribute in order to allow proxied authorization.
I tried adding this LDIF:
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to authzTo by dn.children="ou=Special Accounts,dc=example,dc=com" auth
-
using the command ldapadd -f perm.ldif -D "cn=admin,cn=config" -W
but got this error:
modifying entry "olcDatabase={-1}frontend,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: <olcAccess> handler exited with 1
Using verbose output and turning up the debug level haven't given me any more clues. Can anyone see what I'm doing wrong?
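
In slapd.access(5) the `<what>` part of an access clause names attributes through `attrs=<attrlist>`; a bare attribute name after `to` is not one of the accepted forms, and a clause in that shape is rejected by the olcAccess handler. The same modification with the clause written that way, as an added example that is not part of the original post (the DNs and the `{1}` index are the ones from the post):

```ldif
# Added example, not from the original post.
# Only the <what> clause changes: "to authzTo" becomes "to attrs=authzTo".
# The continuation line starts with two spaces: LDIF removes the first one,
# the second separates the <what> clause from the "by" clause.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to attrs=authzTo
  by dn.children="ou=Special Accounts,dc=example,dc=com" auth
-
```

Every `by` list ends with an implicit `by * none`, so under this clause any identity outside `ou=Special Accounts` gets no access to `authzTo`.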