Peter Mogensen wrote:
Hi,
I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for
the root node, I get:
# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "dc=app,dc=example,dc=com"
ldap_add: Insufficient access (50)
additional info: no write access to parent
... which is understandable. However, I would prefer not to set a
temporary rootpw for the database. Is there any way around that?
I considered Proxy authorization, but the root DN for the database I'm
creating is in the LDIF I'm trying to add.
/Peter
PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX
root maps to cn=config via ldapi:///, remote access uses x509
certificates.

Add an ACL (either global, if there aren't any in that database, or
local) that allows the identity you trust to write to that database.
p.
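
The kind of ACL the reply describes, as an added example that is not part of the original thread. It assumes the new database is `olcDatabase={1}hdb,cn=config` and that the trusted identity is the peercred DN shown in the ldapadd output above; the file name `acl.ldif` is hypothetical.

```ldif
# Added example, not from the original thread.
# Assumption: the new HDB database is olcDatabase={1}hdb,cn=config.
# Find the real DN first with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config \
#     '(olcSuffix=dc=app,dc=example,dc=com)' dn
# Apply this file (hypothetical name acl.ldif) with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
#
# The {0} prefix inserts the rule ahead of any existing olcAccess values.
# "by * break" hands every other identity on to the later rules, so this
# rule grants nothing to anyone except UNIX root connecting over ldapi:///.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
  by * break
```

With this in place the bootstrap.ldif add can run as the same SASL EXTERNAL identity without a temporary rootpw; the rule can be deleted again afterwards if local root should not keep write access to the data.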