RE: Setting up groups under OpenLDAP
According to my understanding of the FAQ page
(http://www.openldap.org/faq/data/cache/52.html), I can set up the entry
"cn=Administrators,ou=groups,o=cascade,c=au", and set its objectclass
attribute to groupofNames. Then I set its member attribute to include the

access to *
    by group "cn=Administrators,ou=groups,o=cascade,c=au" write
    by dn=".+" read
    by * read

rule then should hopefully mean that if I bind to the server as any name
specified in the named group's member attribute, I should be given write
permission to any entry in the database. Is this a correct assumption?
I've just noticed that I haven't set the objectclass for
cn=Administrators... to "top". Will this affect things?
e-mail firstname.lastname@example.org <mailto:email@example.com>
Every day is a gift, that's why the present is so named
> -----Original Message-----
> From: Benjamin de los Angeles Jr. [mailto:firstname.lastname@example.org]
> Sent: Monday, 17 April 2000 19:10
> To: Dan
> Cc: email@example.com
> Subject: RE: Setting up groups under OpenLDAP
> What's the access permission for
> access to *
> by group="cn=Administrators,ou=groups,o=cascade,c=au"
> On Mon, 17 Apr 2000, Dan wrote:
> > Hi there,
> > > Error code 50 means you have insufficient access. It's true, acl's are
> > > applied to the user used to bind to LDAP. Make sure you are binding as a
> > > user with the right acl to modify things.
> > Yeah I bind as uid=dan, which should be a member of the
> > group, which should be configured to have write access to all in slapd.conf
> > (see the original message). Any ideas which acl setting I may have missed?
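
Added example, not part of the original thread and not OpenLDAP code: a small Python model of how the "access to *" rule above is evaluated, with the "by" clauses tried in order and the first match deciding the level. The member DN uid=dan,o=cascade,c=au, the simplified DN comparison and all function names are assumptions; the thread gives only "uid=dan".

```python
import re

# Constructed sample data: the group entry described in the message.
# The member DN is a placeholder; the thread only gives "uid=dan".
GROUP_DN = "cn=Administrators,ou=groups,o=cascade,c=au"
DIRECTORY = {
    GROUP_DN: {"objectclass": ["groupOfNames"],
               "member": ["uid=dan,o=cascade,c=au"]},
}

# The "access to *" rule from the message, one tuple per "by" clause.
ACL = [
    ("group", GROUP_DN, "write"),
    ("dn", ".+", "read"),
    ("any", None, "read"),
]
LEVELS = ["none", "read", "write"]  # simplified: only the levels used here


def norm(dn):
    """Simplified DN comparison form: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def granted_level(bound_dn, acl=ACL, directory=DIRECTORY):
    """Return the level given by the first "by" clause that matches."""
    who = norm(bound_dn)  # an anonymous bind has an empty DN
    for kind, arg, level in acl:
        if kind == "group":
            # Matches only if the full bound DN is a value of "member".
            members = {norm(m) for m in directory.get(arg, {}).get("member", [])}
            if who and who in members:
                return level
        elif kind == "dn" and who and re.search(arg, who):
            return level
        elif kind == "any":
            return level
    return "none"


def can(bound_dn, wanted):
    """True if the bound DN holds at least the wanted access level."""
    return LEVELS.index(granted_level(bound_dn)) >= LEVELS.index(wanted)
```

In this model a bind DN that is not listed in full in the group's member attribute falls through to the dn=".+" clause and gets read only, so a write attempt by it is refused.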