
ACL Problem



Hi,

I'm using OpenLDAP 1.2.x. I want to grant some users super-user-like
privileges. So, I created a DN, "cn=Directory
Administrators,ou=Group,o=SJNS,c=CN", which contains the userids of the proper
users.

dn: cn=Directory Administrators, ou=Group, o=SJNS, c=CN
memberuid: usr1
memberuid: usr2
memberuid: usr3
objectclass: posixGroup
objectclass: top
cn: Directory Administrators

And I have these ACLs in the slapd.conf file.
#################################################################
defaultaccess read
access to attr=userpassword,sn,maildrop
 by self write
 by dn="cn=Directory Administrators,o=SJNS,c=CN" write
 by dn="cn=Directory Administrators,ou=Group,o=SJNS,c=CN" write
 by * read

#################################################################

The problem is, when the users use their own DN
("uid=usr1,ou=people,o=SJNS,c=CN") to bind to the LDAP server, they still
cannot modify any entry except their own DN.

Could someone tell me the solution? Thanks.

Later,
Yours, Jerry Han
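
A simplified model of how the ACL quoted above is evaluated, added here as an illustration; it is not part of the original post and not OpenLDAP code. It assumes the `by` clauses are tried in order with the first match deciding, and that `dn=` is a regular expression tested against the DN the client bound as; the helper names and the `uid=usr2` DN are hypothetical.

```python
import re

# Constructed transcription of the single "access to" directive in the post.
DEFAULT_ACCESS = "read"
ACL_ATTRS = {"userpassword", "sn", "maildrop"}
BY_CLAUSES = [
    ("self", "write"),
    ('dn="cn=Directory Administrators,o=SJNS,c=CN"', "write"),
    ('dn="cn=Directory Administrators,ou=Group,o=SJNS,c=CN"', "write"),
    ("*", "read"),
]
# Sample DNs: USR1 and GROUP are from the post, USR2 is constructed.
USR1 = "uid=usr1,ou=people,o=SJNS,c=CN"
USR2 = "uid=usr2,ou=people,o=SJNS,c=CN"
GROUP = "cn=Directory Administrators, ou=Group, o=SJNS, c=CN"


def norm(dn):
    """Lower-case a DN and drop spaces around commas (simplified)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def who_matches(who, bind_dn, entry_dn):
    """Decide whether one <who> field applies to this request."""
    if who == "*":
        return True
    if who == "self":
        return norm(bind_dn) == norm(entry_dn)
    if who.startswith("dn="):
        # Only the bind DN is compared with the pattern; the memberuid
        # values stored in the entry the pattern names are never read.
        pattern = norm(who[3:].strip('"'))
        return re.search(pattern, norm(bind_dn)) is not None
    return False


def access_level(bind_dn, entry_dn, attr):
    """Return the access level the model grants for one attribute."""
    if attr.lower() not in ACL_ATTRS:
        return DEFAULT_ACCESS  # directive does not cover this attribute
    for who, level in BY_CLAUSES:
        if who_matches(who, bind_dn, entry_dn):
            return level  # first matching clause decides
    return "none"
```

In this model, `uid=usr1` gets `write` only through `self`; on any other entry it falls through to `by * read`, and attributes outside the directive get `defaultaccess read`. Only a client bound as the group entry's own DN matches the third clause.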