[Date Prev][Date Next]
Re: Access control config revisited
> I have read message 199910/msg0007:RE:Access control config (
> http://www.openldap.org/lists/openldap-software/199910/msg00006.html )
> and on the surface it looks like how we need to set up our ldap server.
> We want to set up a directory structure that allows for an admin person
> from each department to administer their own users. Our primary use will
> be for employee lookup (their email, phone number, etc.) and for user
> authentication. But the example used a directory tree with traditional
> naming. Could the same thing be accomplished using the internet naming
> directory tree structure? And if so what would the ACL for the admin
> account look like? Which structure is better for configuration,
> expandability, administration, searchability, etc.?
You don't say what software version you're going to use;
I hope you'll use a recent version (e.g. 2.1.25 or 2.2.X);
then you better look at more recent emails and docs.
I recommend the Admin Guide and slapd.access(5) man page,
and a recent thread