dlaan wrote:

>
> Hello,
>
> We've configured automatic backup (cron) for the Administration
> Console.
>
> For security purposes we do not want to use the admin user to create
> the backups.
>
> We created an bckadmin user, this user has only Read rights Inherit on
> the Tree.
>
> Wen we try to create the backup it fails with an error "AM#201001004:
> User has Insufficient Rights to perform the backup".
>
> Is there a solution for this? Without giving the bckadmin user
> supervisior rights.


I did a bit of trial and error and it seems that the ambkup script
checks what access rights the user nominated has. It does this through
some extended LDAP call from what I saw in a packet trace I took. I
can't see the request but just the response which returns some value.

I've created a user and gave it S Entry rights (left all attribute
default) on the o=novell container and S entry rights on the CA object
(again left the all attribute value default) and that managed to take a
backup. It needs to export all the certs and in order to export a
private key you need S rights on the server object exporting it. The
same counts for the private key of the CA. You need S Entry rights in
order to do that.

I do recommend that if you use any other user other than admin for a
backup and use restricted rights that you test the restore process to
make sure everything fully works as I have no clue if it supported by
Novell in case you run into issues.

--
Cheers,
Edward