[Date Prev][Date Next] [Chronological] [Thread] [Top]

´ð¸´: ´ð¸´: Access-Config & Schema via LDAP

To: "'Helge Hess'" <helge.hess@skyrix.com>, "'Hong Li'" <hongli@qiji.com>
Subject: ´ð¸´: ´ð¸´: Access-Config & Schema via LDAP
From: "Hong Li" <hongli@qiji.com>
Date: Wed, 5 Jul 2000 21:08:22 +0800
Cc: "'OpenLDAP Software'" <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <39632F6D.65E66974@skyrix.com>

Hi,

If you want to use pre-defined object class in slapd.oc.conf and attribute in slapd.at.conf, you don't need modify the slapd.conf at all. But, if you want to use object defined by yourself,such as "Germany-People", you MUST modify the slapd.conf to include a INCLUDE line to include your own object define file such as helge.oc.conf and helge.at.conf.  and you need use the same format for these file as in the slapd.oc.conf and slapd.at.conf file.

This file will help you a lot.
http://www.openldap.org/lists/openldap-software/199911/msg00157.html

Reg.

Vincent
-----????-----
???: Helge Hess [mailto:helge.hess@skyrix.com]
????: 2000?7?5? 20:52
???: Hong Li
??: 'OpenLDAP Software'
??: Re: ??: Access-Config & Schema via LDAP

Hi,

I'm not sure whether you understood my question. I *don't* want to
modify slapd.conf, I would like to configure the server via LDAP. 

Eg to get the schema for an object I would like to use sth like that

  ldap_search "(&(objectclass=objectclass)(classname=inetperson))"

and get back sth like that

  dn: classname=inetperson,o=MDlink.de
  classname: inetperson
  attributes: name1,name2,name3,email,street

or maybe a tree like that:

           schema
       /           \
  inetperson       printer         objectclass: objectclass
   /   |   \      /   |  \
name email uid  ip  name type      objectclass: objectclass-attribute

Similiar for ACLs which I would like to configure/retrieve using
standard LDAP clients.

I would like to know whether there is a backend (or some other thing)
which operates on slapd.conf like files to make the above happen.
Further I would like to know whether there are standards in LDAP which
describe how to accomplish that (eg the objectclass definition for an
objectclass definition ;-)

Thanks,
  Helge

Hong Li wrote:
> 
> The access rights is all up to you. LDAP has provide enough detailed configuration for this purpose. please take a look at the man page of slapd.conf
> 
> While you read the man page of slapd.conf, I am sure you will find out what does the "schemacheck on/off" statement means .
> 
> -----ÔÊ¼ÓÊ¼þ-----
> ·¢¼þÈË: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]´ú±í; Helge Hess
> ·¢ËÍÊ±¼ä: 2000Äê7ÔÂ5ÈÕ 20:34
> ÊÕ¼þÈË: OpenLDAP Software
> Ö÷Ìâ: Access-Config & Schema via LDAP
> 
> Hello,
> 
> is there a standard-way (or standard backend) to configure access rights
> using an LDAP client ? Or is the only way to setup rights to configure
> an appropriate slapd.conf by hand ?
> Is a backend planned/available which read/writes slapd.conf ?
> 
> What about the schema, is/will this be available via the LDAP protocol ?
> 
> Thanks
>   Helge

-- 
SKYRIX-OS  Web Operating System       - http://www.skyrix.com
SKYRIX-IAS IntraNet Application Suite - http://www.skyrix.com

Follow-Ups:
- Re: ´ð¸´: ´ð¸´: Access-Config & Schema via LDAP
  - From: Helge Hess <helge.hess@skyrix.com>

References:
- Re: ´ð¸´: Access-Config & Schema via LDAP
  - From: Helge Hess <helge.hess@skyrix.com>

Prev by Date: Re: ´ð¸´: Access-Config & Schema via LDAP
Next by Date: Re: 댑릿: Newbie Question - running configure
Index(es):
- Chronological
- Thread