domain maintainer unable to write to user accounts

Gavin McCullagh gavin.mccullagh at
Thu Aug 19 00:55:32 CEST 2010


We have a Kolab v2.2.4 setup with a main domain and two others.  I've
created domain maintainer accounts and set them with access to edit all
three domains.  When I edit the non-main domain accounts using the domain
maintainer accounts, some of the time the edit works and some of the time I
get the error:

LDAP Error: Could not modify object cn=XXXXXXXXXXXX,dc=YYYYYYYY,dc=ZZZ: Insufficient access

There seems to be no pattern in which accounts I can edit and which
I can't.  I've looked at slapcat output and the accounts that work look
identical to those which I can't edit.

Does anyone have any suggestions how I might debug this?  I'll admit I
don't completely understand the OpenLDAP schemas and ACLs so perhaps I'm
missing something important there?

Many thanks in advance for any suggestions,


