[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL groups with multiple databases

I am trying to partition my data into multiple databases for ease of
administration and I have run into a problem with group access control
across databases.

I have something like the following in my slapd.conf

database ldbm
suffix        "dc=domain,dc=com"
directory    /usr/local/ldap/db
database ldbm
suffix         "ou=div1,o=company a,dc=domain,dc=com"
directory    /usr/local/ldap/db/div1
access to dn=".*,ou=div1,o=company a,dc=domain,dc=com"
    by group="cn=administrators,dc=domain,dc=com" write
    by group="cn=administrators,o=company a,dc=domain,dc=com" write

>From what I have found, my acl rule doesn't work because the groups are
in the first database and the entry is in the second database.  Is there
some reason I shouldn't be able to do this?  Is there something I am
missing in my configuration that would allow this to work?

I can work around this by entering the members into an administrators
group on the second database but then I obviously have to enter the same
users into every partition I create.