Error 50 (Insufficient Access Rights) when applying LDIF - OpenLDAP

Thiago Lima · May 22, 2015 · Viewed 17.2k times

I'm trying to apply a config through a LDIF file. I'm binding as admin on my LDAPs server and I'm getting the following Error Message:

LDAP: Error 50 - Insufficient Access Rights

I'm binding as admin and I'm able to perform any query or any changes like creating a new entry, modifying an existing one, etc.

I don't know what else to do since I'm already binding as admin. Besides, I even built a brand new LDAP server only to test this and I'm unable to apply any LDIF files as well.

I'm using the Apache Directory Studio LDIF Editor tool to push the LDIF file, which is the following:

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by cn=replicator,ou=Users,dc=example,dc=com write
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}syncprov

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100

Could someone please help me with this issue? I've read a lot of articles with no success so far.

Answer

Gottlieb Notschnabel · Aug 5, 2015

It's as expected in my comment above: If you connect as cn=admin,dc=yourdomain,dc=tld to your LDAP server, you connect as admin of your specific LDAP database (which is just one database within your LDAP server).

So you have to create another connection to your LDAP server with user cn=config and your LDAP admin password:

Connect as LDAP config admin

In case you don't know or forgot your LDAP password, take a look at how to view or modify it.


Alternatively, import LDIFs from the command line:

ldapadd -Q -Y EXTERNAL -H ldapi:/// -W -f file.ldif
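
A pre-flight check for the situation in this thread, as an added example that is not part of the original question or answer: it lists the records in an LDIF whose DN lies outside the suffix your bind DN administers (here the `cn=config` records), which are the ones that need the separate config connection. The function names and the sample LDIF are constructed for illustration, and it assumes the bind DN's rights stop at its own database suffix.

```python
import base64

# Constructed sample: two cn=config records in the style of the question's
# LDIF (one with a folded DN) plus one ordinary directory entry.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq

dn: olcOverlay=syncprov,olcDatabase={1}hdb,
 cn=config
changetype: add
objectClass: olcOverlayConfig

dn: cn=replicator,ou=Users,dc=example,dc=com
changetype: add
objectClass: organizationalRole
cn: replicator
"""

def record_dns(ldif_text):
    """Return the DN of every record, unfolding RFC 2849 continuation lines."""
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    dns = []
    for line in unfolded.split("\n"):
        if line.startswith("dn::"):  # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def normalize(dn):
    # Simplified comparison form: lower-case, no spaces around commas.
    # Escaped commas inside RDN values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def outside_suffix(ldif_text, admin_suffix):
    """Hypothetical helper: DNs not under the suffix the bind DN administers."""
    suffix = normalize(admin_suffix)
    return [dn for dn in record_dns(ldif_text)
            if normalize(dn) != suffix
            and not normalize(dn).endswith("," + suffix)]

if __name__ == "__main__":
    for dn in outside_suffix(SAMPLE_LDIF, "dc=example,dc=com"):
        print("not under dc=example,dc=com:", dn)
```

Any DN it reports is a record that a bind as the database admin cannot be expected to write.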