
ACL groups with multiple databases



I am trying to partition my data into multiple databases for ease of
administration and I have run into a problem with group access control
across databases.

I have something like the following in my slapd.conf

...
database ldbm
suffix        "dc=domain,dc=com"
directory    /usr/local/ldap/db
......
database ldbm
suffix         "ou=div1,o=company a,dc=domain,dc=com"
directory    /usr/local/ldap/db/div1
...
access to dn=".*,ou=div1,o=company a,dc=domain,dc=com"
    by group="cn=administrators,dc=domain,dc=com" write
    by group="cn=administrators,o=company a,dc=domain,dc=com" write



From what I have found, my acl rule doesn't work because the groups are
in the first database and the entry is in the second database.  Is there
some reason I shouldn't be able to do this?  Is there something I am
missing in my configuration that would allow this to work?

I can work around this by entering the members into an administrators
group on the second database but then I obviously have to enter the same
users into every partition I create.

Thanks,

Phil
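
Added example, not part of the original post: a small Python lint that flags the situation the post describes, an ACL "by group=" clause whose group DN is held by a different database section than the one the ACL appears in. The function names are hypothetical, and the sample config is constructed from the post's fragment, with the second group moved under ou=div1 to mirror the workaround so that one reference passes and one is flagged.

```python
import re

# Constructed sample modelled on the slapd.conf fragment in the post; the
# second group is placed under ou=div1 (the workaround) for contrast.
SAMPLE_CONF = '''\
database ldbm
suffix        "dc=domain,dc=com"
database ldbm
suffix         "ou=div1,o=company a,dc=domain,dc=com"
access to dn=".*,ou=div1,o=company a,dc=domain,dc=com"
    by group="cn=administrators,dc=domain,dc=com" write
    by group="cn=administrators,ou=div1,o=company a,dc=domain,dc=com" write
'''

def norm(dn):
    """Lower-case a DN and drop whitespace around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse(conf):
    """Return (sections, refs): suffix list per database, and (db_index, group_dn)."""
    sections, refs = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"database\s", line, re.I):
            sections.append([])
        elif sections and (m := re.match(r'suffix\s+"?([^"]+)"?', line, re.I)):
            sections[-1].append(norm(m.group(1)))
        elif sections:  # ACLs before the first database line are global; skipped
            for g in re.findall(r'\bby\s+group[^=\s]*=\s*"([^"]+)"', line, re.I):
                refs.append((len(sections) - 1, norm(g)))
    return sections, refs

def holder(dn, sections):
    """Index of the database whose suffix is the longest match for dn, or None."""
    hits = [(len(s), i) for i, sufs in enumerate(sections) for s in sufs
            if dn == s or dn.endswith("," + s)]
    return max(hits)[1] if hits else None

def cross_db_groups(conf):
    """List (acl_db_suffixes, group_dn, holding_db_suffixes) for each mismatch."""
    sections, refs = parse(conf)
    return [(sections[i], g, sections[h] if h is not None else None)
            for i, g in refs if (h := holder(g, sections)) != i]

if __name__ == "__main__":
    for acl_db, group, held_by in cross_db_groups(SAMPLE_CONF):
        print(f"ACL in {acl_db} references group {group} held by {held_by}")
```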