ldap access rights for virtual domain admin

From: Alexander Serkin <CGatePro_at_mx_ru>
Date: Mon 06 Dec 2004 - 14:03:06 MSK


Good day.
Could you please tell me how (and where) to correctly give the administrator of a virtual domain on CGP (not the main one) the right to manage accounts over LDAP? There is a user:
GetAccountRights headlong@domain.ru
200 data follow
(Domain, CanCreateAccounts)

directory access rights:

Name= SkyAdmin
Target= cn=domain.ru
Bind DN= uid=headlong,cn=domain.ru
Type= allow

Specifications:

Record-Level: +RecordDeletionAllowed +RecordCreationAllowed
Attributes Allowed for Reading *
Attributes Allowed for Searching *
Attributes Allowed for Modification *

but I am not let in. It says the tsar is not the real one :)

ldapadd -D "headlong@domain.ru" -h host -x -W -f new.sl.ru
adding new entry "uid=petya,cn=domain.ru"
ldap_add: Operations error
     additional info: you do not have the required access right

ldif_record() = 1

contents of new.sl.ru:

dn: uid=petya,cn=domain.ru
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: CommuniGateAccount
cn: Petya Loshaderonyalov
hostServer: skylink.msk.ru
sn: Loshaderonyalov
telephoneNumber: 999
uid: petya
mail: petya@domain.ru

server log:

13:40:12.69 5 LDAP connection request from [212.119.96.248:32996], socket=11
13:40:12.69 4 LDAP-00092([212.119.96.248]) got connection on [212.119.96.28:389]
13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(37) 02 01 01 60 20 02 01 03 04 13 68 65 61 64 6C 6F 6E 67 40 73 6B 79 6C 69 6E 6B 2E 72 75 80 06 78 78 31 32 33 34
13:40:12.69 4 LDAP-00092([212.119.96.248]) BINDing as 'headlong@domain.ru'
13:40:12.69 2 LDAP-00092([212.119.96.248]) 'headlong@domain.ru' connected from [212.119.96.248:32996]
13:40:12.69 4 LDAP-00092([212.119.96.248]) Logged in as uid=headlong,cn=domain.ru. authType=0
13:40:12.69 5 LDAP-00092([212.119.96.248]) out: 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00
13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(280) 02 01 02 68 82 01 11 04 17 75 69 64 3D 70 65 74 79 61 2C 63 6E 3D 73 6B 79 6C 69 6E 6B 2E 72 75 30 81 F5 30 55 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 31 46 04 03 74 6F 70 04 06 70 65 72 73 6F 6E 04 14 6F 72 67 61 6E 69 7A 61 74 69 6F 6E 61 6C
13:40:12.69 1 LDAP-00092([212.119.96.248]) failed to add 'uid=petya,cn=domain.ru'. Error Code=you do not have the required access right
13:40:12.69 1 LDAP-00092([212.119.96.248]) insert failed. Error=you do not have the required access right
13:40:12.69 5 LDAP-00092([212.119.96.248]) out: 30 35 02 01 02 69 30 0A 01 01 04 00 04 29 79 6F 75 20 64 6F 20 6E 6F 74 20 68 61 76 65 20 74 68 65 20 72 65 71 75 69 72 65 64 20 61 63 63 65 73 73 20 72 69 67 68 74
13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(5) 02 01 03 42 00
13:40:12.69 4 LDAP-00092([212.119.96.248]) disconnecting
13:40:12.69 2 LDAP-00092([212.119.96.248]) 'headlong@domain.ru' disconnected ([212.119.96.248:32996])
13:40:12.76 4 LDAP-00092([212.119.96.248]) closing connection
13:40:12.76 4 LDAP-00092([212.119.96.248]) releasing stream
-- 
Sincerely Yours,
Alexander Serkin,
Skylink, Moscow
Received on Mon Dec 06 11:03:07 2004
