Re: ACL question
- To: openldap-software@OpenLDAP.org
- Subject: Re: ACL question
- From: James Shvarts <email@example.com>
- Date: Tue, 01 Oct 2002 12:09:54 -0400
- References: <200210011536.g91FafSX012664@phantom.vanrein.org>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
thanks for your suggestion.
actually, i believe that replicator account (if it's not a rootdn of the
ldap server), needs to be granted replication access with acl
directives. my replica worked well with master when the replicator was
an admin in the slave ldap instance and i started getting ldap_bind:
Insufficient access (50) when i created a separate replicator account
within the slave instance only.
so, i guess there are two options here:
1) make replicator the rootdn of the slave
2) create a separate replicator within the slave and grant it all
privileges using acl's
which way is recommended?
as for my original question, replicator is just an example. i also have
an account that is granted all privileges within
ou=origin,dc=myorg,dc=org, while the other account operates on
ou=target,dc=myorg,dc=org , etc. so the syntax that i originally asked
for will be helpful for several different accounts that i have.
thanks again, everyone
Rick van Rein wrote:
> Hi James Shvarts,
> Before responding, let me say that I'm uncertain if updates fall under the
> normal ACL regime. I would have used another approach.
> > i have the following context: ou=origin,dc=myorg,dc=org which contains
> A context being a database/backend right? So it has a line