[Date Prev][Date Next]
ACL groups with multiple databases
I am trying to partition my data into multiple databases for ease of
administration and I have run into a problem with group access control
I have something like the following in my slapd.conf
suffix "ou=div1,o=company a,dc=domain,dc=com"
access to dn=".*,ou=div1,o=company a,dc=domain,dc=com"
by group="cn=administrators,dc=domain,dc=com" write
by group="cn=administrators,o=company a,dc=domain,dc=com" write
>From what I have found, my acl rule doesn't work because the groups are
in the first database and the entry is in the second database. Is there
some reason I shouldn't be able to do this? Is there something I am
missing in my configuration that would allow this to work?
I can work around this by entering the members into an administrators
group on the second database but then I obviously have to enter the same
users into every partition I create.