[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL in a subordinate backend

Hello OpenLDAP people.

I'm trying to ACL a user in a OpenLDAP 2.1 `subordinate' backend.
A user itself resides in superior. Whatever combinations of ACL I use,
slapd stops on auth state (checked with level 128 debug). I use 2.1.3
version of OpenLDAP.

I'm making a multiple subordinate solution with
replicas (my apologies to OpenLDAP team for the ITS#1947; just another
hard monday). And I want to place replicator's account into the
superior backend (root), while permitting write-only access to the
whole backend, but nothing else. Idea is to make a separate replicator
account for each backend (better security, etc).

backend "ou=unit1,o=org,c=ru", owned by "cn=replicator1,o=org,c=ru"
backend "ou=unit2,o=org,c=ru", owned by "cn=replicator2,o=org,c=ru"
backend "ou=unitN,o=org,c=ru", owned by "cn=replicatorN,o=org,c=ru"

backend "o=org,c=ru", owned by "cn=manager,o=org,c=ru"
 entry: "cn=manager,o=org,c=ru"
 entry: "cn=replicator1,o=org,c=ru"
 entry: "cn=replicator2,o=org,c=ru"
 entry: "cn=replicatorN,o=org,c=ru"

Is it ever possible?

I appreciate Your help.
Best regards,
 Peter                          mailto:spam4octan@highway.ru