Re: ldap access rights for virtual domain admin

From: Dmitry Akindinov <CGatePro_at_mx_ru>
Date: Mon 06 Dec 2004 - 14:25:31 MSK


Hello, on 06.12.2004 14:03, Alexander Serkin at CGatePro@mx.ru wrote:

> Good day.
> Could you please tell me how (and where) to correctly give the administrator of a virtual
> domain on CGP (not the main one) the right to manage accounts via LDAP?
>
> There is a user:
> GetAccountRights headlong@domain.ru
> 200 data follow
> (Domain, CanCreateAccounts)
>
> directory access rights:
>
> Name= SkyAdmin
> Target= cn=domain.ru

try replacing it with
Target= *cn=domain.ru

> Bind DN= uid=headlong,cn=domain.ru
> Type= allow
>
> Specifications:
>
> Record-Level: +RecordDeletionAllowed +RecordCreationAllowed
> Attributes Allowed for Reading *
> Attributes Allowed for Searching *
> Attributes Allowed for Modification *
>
> but it won't let me in. They say the tsar is not the real one :)
>
> ldapadd -D "headlong@domain.ru" -h host -x -W -f new.sl.ru
> adding new entry "uid=petya,cn=domain.ru"
> ldap_add: Operations error
> additional info: you do not have the required access right
>
> ldif_record() = 1
>
>
> contents of new.sl.ru:
>
> dn: uid=petya,cn=domain.ru
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: CommuniGateAccount
> cn: Petya Loshaderonyalov
> hostServer: skylink.msk.ru
> sn: Loshaderonyalov
> telephoneNumber: 999
> uid: petya
> mail: petya@domain.ru
>
> server log:
>
> 13:40:12.69 5 LDAP connection request from [212.119.96.248:32996], socket=11
> 13:40:12.69 4 LDAP-00092([212.119.96.248]) got connection on
> [212.119.96.28:389]
> 13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(37) 02 01 01 60 20 02 01
> 03
> 04 13 68 65 61 64 6C 6F 6E 67 40 73 6B 79 6C 69 6E 6B 2E 72 75 80 06 78 78 31
> 32
> 33 34
> 13:40:12.69 4 LDAP-00092([212.119.96.248]) BINDing as 'headlong@domain.ru'
> 13:40:12.69 2 LDAP-00092([212.119.96.248]) 'headlong@domain.ru' connected from
> [212.119.96.248:32996]
> 13:40:12.69 4 LDAP-00092([212.119.96.248]) Logged in as
> uid=headlong,cn=domain.ru. authType=0
> 13:40:12.69 5 LDAP-00092([212.119.96.248]) out: 30 0C 02 01 01 61 07 0A 01 00
> 04
> 00 04 00
> 13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(280) 02 01 02 68 82 01 11
> 04
> 17 75 69 64 3D 70 65 74 79 61 2C 63 6E 3D 73 6B 79 6C 69 6E 6B 2E 72 75 30 81
> F5
> 30 55 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 31 46 04 03 74 6F 70 04 06 70 65
> 72
> 73 6F 6E 04 14 6F 72 67 61 6E 69 7A 61 74 69 6F 6E 61 6C
> 13:40:12.69 1 LDAP-00092([212.119.96.248]) failed to add
> 'uid=petya,cn=domain.ru'. Error Code=you do not have the required access right
> 13:40:12.69 1 LDAP-00092([212.119.96.248]) insert failed. Error=you do not
> have
> the required access right
> 13:40:12.69 5 LDAP-00092([212.119.96.248]) out: 30 35 02 01 02 69 30 0A 01 01
> 04
> 00 04 29 79 6F 75 20 64 6F 20 6E 6F 74 20 68 61 76 65 20 74 68 65 20 72 65 71
> 75
> 69 72 65 64 20 61 63 63 65 73 73 20 72 69 67 68 74
> 13:40:12.69 5 LDAP-00092([212.119.96.248]) inp: SEQ(5) 02 01 03 42 00
> 13:40:12.69 4 LDAP-00092([212.119.96.248]) disconnecting
> 13:40:12.69 2 LDAP-00092([212.119.96.248]) 'headlong@domain.ru' disconnected
> ([212.119.96.248:32996])
> 13:40:12.76 4 LDAP-00092([212.119.96.248]) closing connection
> 13:40:12.76 4 LDAP-00092([212.119.96.248]) releasing stream

-- 
Best regards,
Dmitry Akindinov -- Stalker Labs
Received on Mon Dec 06 11:25:37 2004
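
The Target change suggested in the reply, as an added example that is not part of the original messages and is not CommuniGate Pro code: a simplified Python model of one directory access-rights record. It assumes that a leading `*` makes Target cover the named DN and every record beneath it, and that a request matching no record is denied; `AccessRight`, `norm_dn` and `may_create` are hypothetical names.

```python
# Added illustration: a simplified model, not CommuniGate Pro's own code.
from dataclasses import dataclass

def norm_dn(dn):
    """Split a DN into lower-cased, trimmed RDNs (escaped commas not handled)."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

@dataclass(frozen=True)
class AccessRight:                      # hypothetical name
    name: str
    target: str                         # "cn=domain.ru" or "*cn=domain.ru"
    bind_dn: str
    allow: bool
    record_flags: frozenset

    def covers(self, dn):
        entry = norm_dn(dn)
        if self.target.startswith("*"):
            # ASSUMPTION: a leading "*" means "this DN and everything below it".
            base = norm_dn(self.target[1:])
            # Compare whole RDNs so "ou=xcn=domain.ru" is not taken for the subtree.
            return len(entry) >= len(base) and entry[len(entry) - len(base):] == base
        return entry == norm_dn(self.target)   # exact record only

def may_create(rules, bind_dn, new_dn):
    """First rule matching bind DN and target decides; no match means deny (assumed)."""
    for rule in rules:
        if norm_dn(rule.bind_dn) == norm_dn(bind_dn) and rule.covers(new_dn):
            return rule.allow and "RecordCreationAllowed" in rule.record_flags
    return False

# Values taken from the post; the two rule lists differ only in Target.
FLAGS = frozenset({"RecordDeletionAllowed", "RecordCreationAllowed"})
BIND = "uid=headlong,cn=domain.ru"
AS_POSTED = [AccessRight("SkyAdmin", "cn=domain.ru", BIND, True, FLAGS)]
AS_SUGGESTED = [AccessRight("SkyAdmin", "*cn=domain.ru", BIND, True, FLAGS)]

if __name__ == "__main__":
    new_entry = "uid=petya,cn=domain.ru"
    for label, rules in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(label, "->", "allowed" if may_create(rules, BIND, new_entry) else "denied")
    # Constructed negative cases: another domain, and a look-alike RDN.
    for dn in ("uid=petya,cn=other.ru", "uid=petya,ou=xcn=domain.ru"):
        print(dn, "->", "allowed" if may_create(AS_SUGGESTED, BIND, dn) else "denied")
```

Under these assumptions the subtree Target still confines the delegated administrator to `cn=domain.ru`: other domains and other Bind DNs fall through to the default deny.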