LDAP write access to Domino Directory

Tags: LDAP, Lotus Domino
Hello,

I am trying to write into a Domino 6.02CF1 Directory using LDAP. I followed the instructions from the Admin help, i.e.:

- Server Config document / LDAP tab: "Allow LDAP users write access" set to 'yes'
- In the Domino Directory's ACL, the user has Manager access with User modifier role

I have the following error:

Failed to update entry, Root error: [LDAP: error code 50 - Insufficient Access Rights]

I'm using LDAP Browser/Editor ver2.82 to access the Domino Directory via LDAP. I'm binding with the LDAP syntax and the bind is successful. I can read the Directory but I can't update any attribute in a Person document. I can't see what is blocking the access in write mode.

Thanks in advance for any help.

Samir
ASKED: December 1, 2004  4:18 AM
UPDATED: December 2, 2004  6:56 PM

Answer Wiki


I’m not an expert in this particular area, but you could try some elimination…

You say the user has access? If this is a normal user, as a temporary measure to try and narrow down the problem area, try using an administrative ID and password to authenticate the LDAP client and see if the response is the same. If so, it’s probably the LDAP client or the LDAP setup of Domino. If not, then it’s related to the access control that you’ve set on the directory. From memory, there are some gotchas in access control on the directory to prevent inadvertent errors by users.

Discuss This Question: 4  Replies

  • Samirk
    Thanks for your reply. I did try with the main Admin ID, same result. It must be something with the LDAP access setup in Domino (or maybe the Domino Directory's ACL). I suppose if I use the LDAP syntax on my LDAP client (i.e. CN=Joe User/O=MYCERT) and the Notes syntax in the ACL (i.e. Joe User/MYCERT) it does recognize them as being the same person? It must be, as I can retrieve all attributes in my LDAP client (as opposed to an anonymous bind).
    Samir
  • Anadminguy
    When you checked the ACL, you only mention what the user's rights were. What is the setting on the Advanced tab for 'Maximum Internet Name & password'? I believe that's where you might be hitting the rights problem.
  • Samirk
    Fixed! Some kind adminguy (whose answer I couldn't find on the site, I just got the first few words in the e-mail notification) suggested I look at the ACL's Advanced tab, 'Maximum Internet Name & password access'. I thought I had changed this to 'Editor', but it was on 'Reader' again. Turns out you have to recycle the server after this change! Same thing after a change in LDAP access rights.
    Thanks to all,
    Samir
  • Jvpaton
    Hi Samir,
    Just some troubleshooting thoughts:
    - Are you using xACL on the DD?
    - Did you tell router update config or restart the server?
    - Using an admin account, can you add a new person entry?
    - There is a debug ini variable LDAPDEBUG=1 - as always, use debug variables with great care for a short period and constant monitoring.
    And check out this really useful posting ... http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b8525689b005ba1c0/5c4bf25f844b9ac785256e4c005998b7?OpenDocument
    GL 8!8
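The fix reported in this thread comes down to several independent gates that an LDAP write has to pass before error code 50 goes away. The Python below is an added example, not part of the original thread and not a Domino API: the class, field and function names are hypothetical, and the rule that Author access needs the UserModifier role while Editor and above do not is an assumption about the Domino Directory's design.

```python
# Added example: models the checks discussed in this thread.
# All names are illustrative; nothing here talks to a Domino server.
from dataclasses import dataclass, field

# Domino ACL levels, lowest to highest.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass
class DirectoryAccess:
    allow_ldap_write: bool       # Server Config document, LDAP tab
    acl_level: str               # the user's entry in the directory ACL
    max_internet_access: str     # ACL Advanced tab: Maximum Internet name & password
    roles: set = field(default_factory=set)
    restarted_since_change: bool = True  # per the thread, changes need a server restart

def effective_level(cfg):
    """A name-and-password bind gets the lower of the ACL entry and the cap."""
    return min(cfg.acl_level, cfg.max_internet_access, key=RANK.__getitem__)

def write_blockers(cfg):
    """List the reasons a modify of a Person document would be refused."""
    reasons = []
    if not cfg.allow_ldap_write:
        reasons.append("'Allow LDAP users write access' is not 'yes'")
    eff = effective_level(cfg)
    if RANK[eff] < RANK["Author"]:
        reasons.append(f"effective access is {eff}: ACL entry {cfg.acl_level}, "
                       f"capped at {cfg.max_internet_access}")
    elif eff == "Author" and "UserModifier" not in cfg.roles:
        # Assumption: Author can only edit Person documents with this role.
        reasons.append("Author access without the UserModifier role")
    if not cfg.restarted_since_change:
        reasons.append("server not restarted since the ACL/LDAP change")
    return reasons

# Constructed samples: the state described in the thread before and after the fix.
before = DirectoryAccess(True, "Manager", "Reader", {"UserModifier"})
after = DirectoryAccess(True, "Manager", "Editor", {"UserModifier"})

if __name__ == "__main__":
    for name, cfg in (("before", before), ("after", after)):
        print(name, effective_level(cfg), write_blockers(cfg) or "write allowed")
```

The same cap works in the other direction as a least-privilege control: a Manager entry in the ACL still cannot exceed the configured maximum over name-and-password protocols such as LDAP.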