
Group with admin privileges


I'm trying to set up a group of users that would be able to modify the
contents of any ldap entry.

Here is the output from ldapsearch -x -b "dc=cellnet,dc=com" "cn=admins"

# extended LDIF
# LDAPv3
# base <dc=cellnet,dc=com> with scope sub
# filter: cn=admins
# requesting: ALL

# admins, cellnet.com
dn: cn=admins,dc=cellnet,dc=com
cn: admins
gidNumber: 900
memberUid: ahirsch
memberUid: kfragale
memberUid: mwelling
memberUid: mbegemann
objectClass: top
objectClass: posixGroup

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

As you can see there are 4 users in the admins group.  The question(s)
I have are:  what ou do these users need to be in, and what do I need
in the slapd.conf?  Evidently I have it wrong, but here's what I have:


access to attrs=userPassword,telephoneNumber,mobile,mail
      by self write
      by anonymous auth
      by dn.base="cn=admins,dc=cellnet,dc=com" write
      by * none

access to *
      by dn.base="cn=admins,dc=cellnet,dc=com" write
      by * read

When I perform a search on my uid, ahirsch, here is what I get:

ldapsearch -x -b "dc=cellnet,dc=com" "uid=ahirsch" | grep dn
dn: uid=ahirsch,ou=people,dc=cellnet,dc=com
dn: uid=ahirsch,ou=pe,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ae,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=et,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ip,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=je,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=kc,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=konsole,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=no,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ns,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=office,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=pp,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ue,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=ui,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=we,ou=projects,dc=cellnet,dc=com
dn: uid=ahirsch,ou=xx,ou=projects,dc=cellnet,dc=com

So, I'm missing something in the translation for creating an
administrative group.   Any help would be greatly appreciated!


--
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
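
Why the posted rules never give the admins write access, shown as an added slapd.conf example that is not part of the original message. The group name cn=diradmins is hypothetical, and the example assumes the admins bind as their ou=people entries.

```conf
# BEFORE (as posted): dn.base matches only a client whose bind DN is exactly
# cn=admins,dc=cellnet,dc=com. The members bind as their own entries
# (e.g. uid=ahirsch,ou=people,dc=cellnet,dc=com), so the clause never fires.
#   by dn.base="cn=admins,dc=cellnet,dc=com" write
#
# A group "who" clause looks members up in a DN-valued attribute
# (default: objectClass groupOfNames, attribute member). posixGroup's
# memberUid holds bare login names, not DNs, so cn=admins cannot be used.
#
# Hypothetical companion entry to load with ldapadd (one member: per admin):
#   dn: cn=diradmins,dc=cellnet,dc=com
#   objectClass: top
#   objectClass: groupOfNames
#   cn: diradmins
#   member: uid=ahirsch,ou=people,dc=cellnet,dc=com

# AFTER: same rules, with the group clause in place of dn.base.
access to attrs=userPassword,telephoneNumber,mobile,mail
      by self write
      by anonymous auth
      by group.exact="cn=diradmins,dc=cellnet,dc=com" write
      by * none

access to *
      by group.exact="cn=diradmins,dc=cellnet,dc=com" write
      by * read
```

Write access applies only to an authenticated bind as a DN listed in member; an ldapsearch -x with no -D binds anonymously and is evaluated under the anonymous and * clauses. Of the sixteen uid=ahirsch entries shown above, only the one named in member carries the privilege.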