Richard Sharpe
2008-Aug-29 04:27 UTC
[Fedora-directory-users] Access control and best practices etc ...
Hi, I have set up Fedora Directory Services (albeit, on CentOS 5.2). Then I set up some PosixAccounts and they all work. Then I wanted to add the sambaSamAccount attribute using the smbldap-usermod tool from the Idealx site, but I keep getting told that I don''t have ''write'' privilege to add the attribute for the user I selected. Now, I set up the binddn as cn=Directory Manager and specified the correct password. What is going wrong? Secondly, I suspect that using the Directory Manager is not a good idea. Are there any links to documentation on best practice for this?
<ben.van.veen@planet.nl>
2008-Aug-31 10:09 UTC
RE: [Fedora-directory-users] Access control and best practices etc ...
Richard, Can you add the value to the attribute with the FDS consol ? Ben. -----Oorspronkelijk bericht----- Van: fedora-directory-users-bounces@redhat.com namens Richard Sharpe Verzonden: vr 29-8-2008 6:27 Aan: fedora-directory-users@redhat.com Onderwerp: [Fedora-directory-users] Access control and best practices etc ... Hi, I have set up Fedora Directory Services (albeit, on CentOS 5.2). Then I set up some PosixAccounts and they all work. Then I wanted to add the sambaSamAccount attribute using the smbldap-usermod tool from the Idealx site, but I keep getting told that I don''t have ''write'' privilege to add the attribute for the user I selected. Now, I set up the binddn as cn=Directory Manager and specified the correct password. What is going wrong? Secondly, I suspect that using the Directory Manager is not a good idea. Are there any links to documentation on best practice for this? -- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard Sharpe
2008-Aug-31 16:33 UTC
Re: [Fedora-directory-users] Access control and best practices etc ...
On Sun, Aug 31, 2008 at 3:09 AM, <ben.van.veen@planet.nl> wrote:> > Richard, > > Can you add the value to the attribute with the FDS consol ?Turns out my problem was a mis-configuration of smbldap.conf. I had the wrong dn for Directory Manager. I was able to use ldapmodify to add the attribute, and then increasing the debugging output from the dirsrv daemon showed me what the problem was. However, I still suspect that it is good practice to create a separate entity that all the Samba stuff can use to bind with.