[Date Prev][Date Next] [Chronological] [Thread] [Top]

Subadmins using Groups ?

To: "OpenLDAP-software@OpenLDAP.org" <OpenLDAP-software@OpenLDAP.org>
Subject: Subadmins using Groups ?
From: Carsten Zerbst <carsten.zerbst@atlantec-es.com>
Date: Wed, 14 Apr 2004 23:24:13 +0200

Hello,

I try to define subadmins in Organizations, something like

dc=shincos.de
	o=MTW
	cn=Joe Superuser
	cn=admin (uniqueMember= cn=Joe Superuser,o=MTW,dc=shincos.de)


where Joe Superuser should be able to create and modify 
entries below o=MTW.

My acl says

access to dn.regex="(.+),o=([^,]+),dc=shincos.de$"
           attrs=children,entry,uid
      by groupOfUniqueNames.regex="^cn=admin,o=$2,dc=shincos.de$" write
      by users read

but I could not edit the uid attribute on other users. If I
remove the attrs line, I'm not even able to login in as
Joe Superuser.

Any hints ?

Carsten 

	
-- 
Carsten Zerbst <carsten.zerbst@atlantec-es.com>

Follow-Ups:
- Re: Subadmins using Groups ?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: SLOW Performance: OpenLDAP on Linux and IBM Dual Xeon?
Next by Date: How to set new paged result limit [WAS] RE: Paged results flakey - and hdb vs bdb
Index(es):
- Chronological
- Thread