Here’s where you all get to laugh and point at me for not knowing this sooner. I was setting up Domino for LDAP access on a server with multiple directories in DA. Everything was working fine until I wanted to write values from another source into the Domino LDAP. Insufficient access. OK, so let’s check:
- Account being used to authenticate has Editor access to the ACL in all directories in Directory Assistance
- Global Configuration document in Domino is set to allow LDAP write activity
- Global Configuration document in Domino is set to allow write activity that doesn’t conform to the schema
- I can login to the web interface of Domino using the LDAP credentials and successfully edit the person document I’m trying to change through LDAP
So what was my problem? Apparently with LDAP write activity the Global Configuration document enabling LDAP to do writes has to appear in every directory used by Directory Assistance! I finally got there by trial and error but that makes no sense at all, especially because the secondary directory doesn’t even need to use the pubnames.ntf template. The Global Configuration document by definition controls LDAP activity for the entire domain, which surely includes any secondary directories that are set up. But that’s what it was.
I created a Global Configuration document in my secondary directory and set it to allow LDAP and write activity and my “Insufficient Access” went away.
Ooh look – WordPress has a poll facility, let’s try it.
I had the same exact problem once but the source was different. The client had set the setting on the advanced tab of the ACL in the directory to limit “Internet” access to a max of Reader. Who knew that LDAP counted as “Internet” access. That only took me hours and hours to find.