[Date Prev][Date Next] [Chronological] [Thread] [Top]

Group with admin priviledges

To: openldap-software@OpenLDAP.org
Subject: Group with admin priviledges
From: "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com>
Date: Thu, 19 Feb 2004 09:15:04 -0600
Organization: AtosOrigin
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I'm trying to setup a group of users that would be able to modify the
contents of any ldap entry.

Here is the output from ldapsearch -x -b "dc=cellnet,dc=com" "cn=admins"

# extended LDIF
#
# LDAPv3
# base <dc=cellnet,dc=com> with scope sub
# filter: cn=admins
# requesting: ALL
#

# admins, cellnet.com
dn: cn=admins,dc=cellnet,dc=com
cn: admins
gidNumber: 900
memberUid: ahirsch
memberUid: kfragale
memberUid: mwelling
memberUid: mbegemann
objectClass: top
objectClass: posixGroup

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

As you can see there are 4 users in the admins group.  The question(s)
I have are:  what ou do these users need to be in, and what do I need
in the slapd.conf?  Evidently I have it wrong, but here's what I have:

slapd.conf

access to attrs=userPassword,telephoneNumber,mobile,mail
~     by self write
~     by anonymous auth
~     by dn.base="cn=admins,dc=cellnet,dc=com" write
~     by * none

access to *
~     by dn.base="cn=admins,dc=cellnet,dc=com" write
~     by * read

When I perform a search on my uid, ahirsch, here is what I get:

ldapsearch -x -b "dc=cellnet,dc=com" "uid=ahirsch" | grep dn
dn: uid=ahirsch,ou=people,dc=cellnet,dc=com
dn: uid=ahirsch,ou=pe,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ae,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=et,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ip,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=je,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=kc,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=konsole,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=no,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ns,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=pp,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ue,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ui,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=we,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=xx,ou=projects,dc=cellnet,dc=com

So, I'm missing something in the translation for creating an
administrative group.   Any help would be greatly appericiated!

TIA!

- --
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFANNL3gBD+XyMGAPwRAhOHAJ496la7FQfnPAlnpf4QZ7NAE7BlogCfVz1B
mAjrey/FlBvDELcwOSGXE4U=
=NorQ
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Group with admin priviledges
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: RE: Appropriate slapd.conf dbcachesize size?
Next by Date: Re: slapindex question (was slapcat question)
Index(es):
- Chronological
- Thread