[Date Prev][Date Next] [Chronological] [Thread] [Top]

Adding new People in OpenLDAP

  Hi all.

  I wrote to the list a few weeks a go with a problem concerning adding new
people (entries) in a hierarchie and the apropriate access rules.

  I have managed to make it work, it appears that it was a combination
of too many spaces (between ","s) and the wrong sequence of directives
"access to * by self write" seems to break it if its mentioned in the
beginning of the rules (???).

  My current problem is that I still cant get it to work with the
"dnattr" attribute. Any ideas ?

defaultaccess   read

access to dn=".*,o=BIBA,c=DE"
        by dn="uid=fks,ou=PPC,o=BIBA,c=DE" write
        by dn="uid=fre,ou=PPC,o=BIBA,c=DE" write
#       by dnattr=manager write

access to attribute=userPassword
        by dn="uid=root,o=BIBA,c=DE" write
        by self write
        by dn="^$" none
        by * none

access to * by dn="uid=root,o=BIBA,c=DE" write

access to * by self write
dn: o=BIBA,c=DE
description: BIBA
objectclass: organization

dn: ou=PPC,o=BIBA,c=DE
ou: PPC
description: BIBA PPC
objectclass: organizationalUnit
manager: uid=fks,ou=PPC,o=BIBA,c=de
manager: uid=fre,ou=PPC,o=BIBA,c=de

  I have gathered (from reading the list) that there is some sort of
group mechanism that can be also used to handle this issue, but the
dnattr solution would be much better for us as it would allow us to skip
creating all those groups. The problem is that we are going to need
*many* groups if dnattr doesnt work.

 I've been asked if vi was an easy editor to learn, whether it was intuitive
or not. My general response to this question is: "Yes, some of us think so.
		But most people think that we are crazy."