
User specific access configuration

My LDAP server includes several independent LDAP databases.  For various
reasons I'd prefer to let local users use some of the databases without
having to authenticate as long as they're logged on to the local
machine.  My slapd.conf permissions currently include the following
access configurations as well as a few LDAP administrator items not
listed here:

# Global rule (before any "database" section), so it applies to every database.
access to *
    # peername= takes a regular expression; match the whole 192.168.1.x range
    by peername="ip=192\.168\.1\..*" read
    # Escape the dots, not the digits (\0 and \1 would be back-references)
    by peername="ip=127\.0\.0\.1" read
    by self write
    by anonymous auth

The above configuration enables local users as well as LAN users to read
all databases without having to log in.

I now want to implement the following features, which involve six users
(that is, UNIX users created with "adduser" that are not defined in any
LDAP database) and two LDAP databases:

1.  Modify the above access rules to apply to specific databases.

2.  Allow User1, User2, and User3 to search in search base o=database1,
as long as they're logged into the local machine, and without requiring
them to log in to LDAP for database1.  User1, User2, and User3 should not
be allowed to search base o=AnotherBase.

3.  Allow UserA, UserB, and UserC to search in search base
o=AnotherBase, as long as they're logged into the local machine, and
without requiring them to log in to LDAP for databaseA.  UserA, UserB,
and UserC should not be allowed to search base o=Database1.

(Wishes 2 and 3 above are almost identical, but since the configuration
of one might include details of the configuration of the other, I'm
stating both.)

I wasn't able to find out how to do this by googling around.  Is the
above possible, and if so, how?

Thanks!

--Ole
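An example slapd.conf fragment, added here as an illustration and not taken from Ole's post or from any reply: it puts the access rules inside each "database" section (wish 1) and identifies local UNIX users by the credentials the kernel reports on the ldapi:// socket, so they can read one database without an LDAP password (wishes 2 and 3). Assumptions: OpenLDAP is recent enough to support ldapi:// with SASL EXTERNAL and the peername.ip= syntax, slapd is started with an ldapi:/// listener, and the UID numbers (1001-1003 for User1-User3, 2001-2003 for UserA-UserC), suffixes, rootdn values and directory paths are placeholders.

```conf
# Added example configuration (editor's illustration, not the poster's setup).
# No global "access to *" rule: everything below a "database" line applies
# only to that database, so database1 and AnotherBase get separate rules.

database        bdb
suffix          "o=database1"
rootdn          "cn=admin,o=database1"          # placeholder
directory       /var/lib/ldap/database1         # placeholder

# A client that binds with SASL EXTERNAL over ldapi:// is identified as
#   gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth
# The uid/gid come from the kernel (SO_PEERCRED), not from an LDAP bind,
# so only the listed local UIDs get read access. "+" must be escaped in
# the regex because it is a quantifier; the anchors stop prefix matches.
access to dn.subtree="o=database1"
    by dn.regex="^gidNumber=[0-9]+\+uidNumber=(1001|1002|1003),cn=peercred,cn=external,cn=auth$" read
    by peername.ip=192.168.1.0%255.255.255.0 read
    by self write
    by anonymous auth
    by * none

database        bdb
suffix          "o=AnotherBase"
rootdn          "cn=admin,o=AnotherBase"        # placeholder
directory       /var/lib/ldap/anotherbase       # placeholder

# Same pattern, different UIDs (UserA, UserB, UserC); User1-3 fall through
# to "by * none" here, and vice versa above.
access to dn.subtree="o=AnotherBase"
    by dn.regex="^gidNumber=[0-9]+\+uidNumber=(2001|2002|2003),cn=peercred,cn=external,cn=auth$" read
    by peername.ip=192.168.1.0%255.255.255.0 read
    by self write
    by anonymous auth
    by * none
```

Start slapd with both listeners, e.g. `slapd -h "ldap:/// ldapi:///"`, and have the local users query with `ldapsearch -Y EXTERNAL -H ldapi:/// -b o=database1 '(objectClass=*)'`; the LDAP server never sees a password, only the socket peer's uid and gid. The original "by peername=ip=127.0.0.1 read" line is deliberately dropped: a loopback address identifies the machine, not the user, so keeping it would give every local account read access to both databases and defeat the per-user split. Changing a user's membership means editing the UID list in the regex, so keep the lists short or switch to group-based checks once the users exist in LDAP.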