[Date Prev][Date Next] [Chronological] [Thread] [Top]

Security question.

Hi. Was wondering if somebody could help me with a problem I am
having.  I am trying to make an administator group in my ldap server that
will be able to administer all entries in the base dn (similar to the
Manager's rights).  I have this in my LDAP server: 

cn=Administrators,dc=<my domain>,dc=net
member=cn=<member1>,dc=<my domain>,dc=net
member=cn=<member2>,dc=<my domain>,dc=net

I have this in my slapd.conf:

defaultaccess read
access to dn="cn=*,dc=<my domain>,dc=net
	by self write
	by dn="cn=Manager,dc=<my domain>,dc=net" write
	by dn="cn=Administrators,dc=<my domain>,dc=net" write
	by * read

This allows Manager to write, but when I try to write with member1, who
is in the Administrators group, I get insufficient rights.  Could somebody
please help me out.  Thanks in advance...

Cliff Friedel