I suggest you enable the LDAP log and take a look at it. On Red Hat-based distros, you can do it with the following steps:
Set a syslog facility:

    cat /etc/sysconfig/ldap
    SLAPD_OPTIONS="-l local4"

Specify a log file for OpenLDAP in /etc/syslog.conf:

    # OpenLDAP log
    local4.* /var/log/ldap.log

    touch /var/log/ldap.log

and restart syslogd.
On other distros, at step one, simply add the -l local4 option to the start() function in your init script.
EDIT
Set loglevel to 128 (ACL processing) and try again.
EDIT 2

"cannot assess the validity of the ACL scope within backend naming context"
Put the ACLs before the backend context:
    access to attrs=userPassword
        by self write
        by users read
        by * none
    access to *
        by self write
        by users read
        by * none

    database bdb
    suffix "dc=monzell,dc=com"
    checkpoint 1024 15
    rootdn "cn=root,dc=monzell,dc=com"
    rootpw <REDACTED>
    directory /var/lib/ldap
    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    index uidNumber,gidNumber,loginShell eq,pres
    index uid,memberUid eq,pres,sub
    index nisMapName,nisMapEntry eq,pres,sub

    database monitor
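As an added illustration (not part of either answer), the following Python parses the ACL block above, honouring slapd.conf continuation lines, and applies slapd's first-match evaluation to show which bind identities get insufficientAccess on which attributes. It models only the `self`, `users` and `*` selectors used on this page and ignores rootdn, which bypasses ACLs entirely.

```python
import re

# Constructed copy of the answer's ACL block with slapd.conf continuation indentation.
SAMPLE_CONF = """\
access to attrs=userPassword
    by self write
    by users read
    by * none
access to *
    by self write
    by users read
    by * none
"""

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # low -> high

def parse_acls(conf):
    """Return [(what, [(who, level), ...])] for each 'access to' directive."""
    logical = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()   # leading whitespace: continuation line
        else:
            logical.append(raw.strip())
    acls = []
    for d in logical:
        if d.startswith("access to "):
            what, *bys = re.split(r"\s+by\s+", d[len("access to "):])
            acls.append((what, [tuple(b.split()[:2]) for b in bys]))
    return acls

def who_matches(who, bind_dn, target_dn):
    # Only the <who> forms used on this page: self, users and *.
    same = bind_dn is not None and bind_dn.lower() == target_dn.lower()
    return who == "*" or (who == "users" and bind_dn is not None) or (who == "self" and same)

def access_allowed(acls, bind_dn, target_dn, attr, wanted):
    """First matching <what> wins; its first matching <who> decides the level."""
    for what, clauses in acls:
        m = re.match(r"attrs=(.+)", what)
        if what != "*" and not (m and attr in m.group(1).split(",")):
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False  # <what> matched but no <who> did: denied
    return False  # no <what> matched; unreachable while "access to *" is present
```

With these ACLs a user can write only its own userPassword; any other authenticated identity modifying that entry is refused with insufficientAccess(50), and anonymous binds get nothing at all.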
Best Answer
LDAP result code insufficientAccess(50) means that the currently bound identity for the LDAP connection is not allowed to apply this particular modify operation.
You did not provide any relevant details. So it boils down to: