
Group administration ACL




I'd like to allow a group of administrators to maintain a portion of the LDAP tree. The OpenLDAP document provides a hint on how to do this, but no examples, i.e.


       dnattr=<dn-valued attribute name>

Here is an example of what I want to do ...
For instance, with a group of unique names:

dn: cn=Directory Administrators, ou=Groups, o=airius.com
cn: Directory Administrators
objectclass: top
objectclass: groupofuniquenames
ou: Groups
uniquemember: uid=kvaughan, ou=People, o=airius.com
uniquemember: uid=rdaugherty, ou=People, o=airius.com
uniquemember: uid=hmiller, ou=People, o=airius.com


The ACL commonly provided in slapd.conf is

       access to attr=userPassword
               by self write
               by anonymous auth
               by * none

So what would the ACL look like if access to userPassword was also allowed for everyone in the LDAP groupofuniquenames "Directory Administrators"?


Thank you.

Stephen
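
The ACL asked about above can be written with slapd's `group` who-clause, which takes the group's object class and member attribute; this is an added example, not part of the original post, and it assumes a slapd version that supports the `group/<objectclass>/<attrname>` form. (`dnattr` instead matches DNs held in an attribute of the entry being accessed, so it does not fit a separate group entry.)

```conf
# slapd.conf fragment (added example; group DN, object class and member
# attribute are taken from the entry shown in the post).
# "by" clauses are tested in order and the first match wins, so the group
# clause has to appear before "by * none".
# Comments go above the directive: the indented lines are continuations.
access to attr=userPassword
        by self write
        by group/groupOfUniqueNames/uniqueMember="cn=Directory Administrators, ou=Groups, o=airius.com" write
        by anonymous auth
        by * none
```

Write access here lets every member of the group reset any user's password, so write access to the group entry itself should be limited to a smaller set of administrators.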