[Date Prev][Date Next] [Chronological] [Thread] [Top]

access

To: openldap-software@OpenLDAP.org
Subject: access
From: Roger Thomas <rogtom75@yahoo.com>
Date: Sun, 3 Feb 2002 00:01:07 -0800 (PST)

the scenario:
Big Portal is a hosting company: bigportal.com
clients: client1.net, client2.org, client3.edu, ..., client10.com

i want only one person to be the ldap admin for bigportal and all its clients.
will this acl in slapd.conf suffice:
(note: the courier and qmail entries are the required user for my
qmail/courier-imap/ldap mail server)

(...snip...)
access to attr=userPassword
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self write
         by * auth
access to *
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self read
         by anonymous read
(...snip...)

what about this organizational role entry for bigportal_admin? can i do this ?

(excerpt from my ldif)
#organization entry for bigportal
dn: dc=bigportal,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bigportal
o: bigportal
description: The Big Portal Company

#organizational role entry for bigportal
dn: cn=bigportal_admin,dc=*
objectClass: top
objectClass: organizationalRole
cn: bigportal_admin
description: Big Portal and Clients LDAP Admin

please advise.

--
roger

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com

Prev by Date: search relult empty after adding indexes
Next by Date: Search all attributes
Index(es):
- Chronological
- Thread