If you want to use the pre-defined object classes in slapd.oc.conf and attributes in slapd.at.conf, you don't need to modify slapd.conf at all. But if you want to use objects defined by yourself, such as "Germany-People", you MUST modify slapd.conf to add an INCLUDE line that includes your own object definition files, such as helge.oc.conf and helge.at.conf. You also need to use the same format for these files as in the slapd.oc.conf and slapd.at.conf files.

This file will help you a lot.


I'm not sure whether you understood my question. I *don't* want to
modify slapd.conf, I would like to configure the server via LDAP. 

E.g. to get the schema for an object I would like to use sth like that

  ldap_search "(&(objectclass=objectclass)(classname=inetperson))"

and get back sth like that

  dn: classname=inetperson,o=MDlink.de
  classname: inetperson
  attributes: name1,name2,name3,email,street

or maybe a tree like that:

       /           \
  inetperson       printer         objectclass: objectclass
   /   |   \      /   |  \
name email uid  ip  name type      objectclass: objectclass-attribute

Similar for ACLs which I would like to configure/retrieve using
standard LDAP clients.

I would like to know whether there is a backend (or some other thing)
which operates on slapd.conf like files to make the above happen.
Further I would like to know whether there are standards in LDAP which
describe how to accomplish that (e.g. the objectclass definition for an
objectclass definition ;-)


Hong Li wrote:
> The access rights are all up to you. LDAP has provided enough detailed configuration for this purpose. Please take a look at the man page of slapd.conf.
> While you read the man page of slapd.conf, I am sure you will find out what the "schemacheck on/off" statement means.
> Hello,
> is there a standard-way (or standard backend) to configure access rights
> using an LDAP client ? Or is the only way to setup rights to configure
> an appropriate slapd.conf by hand ?
> Is a backend planned/available which read/writes slapd.conf ?
> What about the schema, is/will this be available via the LDAP protocol ?
> Thanks
>   Helge

