
REPOST::: SubtreeAdmin in openLDAP v3

Hi there,

I have installed openLDAP v3 and it seems to be running very smoothly. However I always thought that one of the great strengths of LDAP is the possibility to create different subtrees, thereby each subtree having its very own admin with write privileges.

Let's say I have the tree

 I-- store a
 I-- store b

Both subtrees (store a and store b) have the same schema, which is included via slapd.conf. I have included core.schema also. Each subtree contains the data of records only; no users. The "unsolvable" problem is to create two admins (one for the subtree store a and the other one for store b), each having read/write privileges only on his very own subtree.

With openLDAP 1.2 I simply can add an accessline like this:
access to ou=store_a,o=records by cn=admin_store_a,ou=admins,o=records write

In openLDAP v3 I get obscure errors. Sometimes it doesn't work at all, at other times it says "no write access to parent". Have they changed accesslines that much in openLDAP v3?
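
The per-subtree delegation described in this post, written as slapd.conf access rules. This is an added example and not part of the original message. It assumes OpenLDAP 2.2 or later syntax (dn.subtree, dn.exact, attrs=); the ou=store_b and cn=admin_store_b DNs are assumed by analogy with the store_a line above, and the "by * read" clauses are an assumption about who may read.

```conf
# Added example, not from the original post. Assumes OpenLDAP 2.2+ slapd.conf.
# slapd uses the first "access to" clause that matches the target and, inside
# it, the first "by" clause that matches the requester, so order matters.

# Let the admin accounts under ou=admins bind: anonymous may authenticate
# against userPassword, only the owner may change it, nobody else sees it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Store A: only its own admin may write. dn.subtree covers ou=store_a itself
# and everything below it, which includes the "children" pseudo-attribute of
# ou=store_a that slapd checks when an entry is added directly beneath it.
access to dn.subtree="ou=store_a,o=records"
    by dn.exact="cn=admin_store_a,ou=admins,o=records" write
    by * read

# Store B (DNs assumed by analogy with store A).
access to dn.subtree="ou=store_b,o=records"
    by dn.exact="cn=admin_store_b,ou=admins,o=records" write
    by * read

# Everything else, including o=records and ou=admins, stays read-only.
# A store admin therefore cannot create or delete ou=store_a or ou=store_b:
# that needs write access to the "children" attribute of o=records.
# Those container entries must be created by the rootdn, which is not
# subject to access rules.
access to *
    by * read
```

Adding or deleting an entry requires write access to the entry's `entry` attribute and to the `children` attribute of its parent, so an add whose parent lies outside the admin's subtree is refused even when the new entry's own DN matches a write rule.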