R003119   Access denied because user does not have 'write' permission for all attributes in the new name

Explanation

An LDAP modify DN operation failed because it does not have write permission to add the attributes in the new relative distinguished name (the RDN is the leftmost part of the distinguished name) of the entry being renamed. The attribute values in the RDN must always be part of the entry and are automatically added by the LDAP server to the entry. The requester must have write permission for each of these attributes in the entry being renamed. The requester's authority is determined using the aclEntry and entryOwner attribute values associated with the entry. See Using access control for more information about LDAP access control.

System action

The LDAP server continues to run, but the operation fails.

User response

Contact an LDAP administrator to grant write permission to the entry. Then reissue the operation.

Administrator response

Modify the aclEntry values for the entry to give the requester write permission. To determine the authority that a bound user has in the directory, use the GetEffectiveACL extended operation in the ldapexop utility.

Parent topic: Return and reason codes