
Re: simple ACL requirement, grant access to modify myself and my sub entries, not sure how to do it



On Thu, 2007-05-10 at 00:29 +0930, Shane wrote:
> Hopefully someone will correct me if I'm wrong but as far as I'm aware
> you cannot log in as an ou object.
> 
> I'd have set up an admin user for dn: ou=Support,o=Real Softservice, e.g.:
> 
> cn=admin,ou=Support,o=Real Softservice
> 
> then create an ACL like
> 
> access to dn.base="ou=Support,o=Real Softservice"
>      by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
>      by * read

Such an ACL is just fine and understandable to me, but in my case I have
3000 ou entries in my LDAP repository belonging to more than 1500 'o' entries,
and each ou has many persons in it. Each 'o' and 'ou' needs to log in; if
I use your syntax I will need to add 4500 ACL rules to my slapd.conf and
buy a super powerful computer for that...