ACL and distributed directory



hello,

i'm curious if it's possible to use an acl (on server A) like this:

access to dn.subtree="ou=zMRDB,ou=netmservice,o=netmldap"
    by dn.exact="ldaps://extranet2.net-m.de/cn=smsm_xms-route,ou=smsm,ou=ldapaccounts,ou=netm,ou=people,o=netmldap" write

the problem is that i have different servers for distinct leaves of the
directory. server extranet2 handles ou=netm,ou=people,o=netmldap and
has superior knowledge information for o=netmldap pointing to another
server (let's call it server A).

now different applications are accessing the data of server A but i want to
authorize this access via extranet2 where all my userobjects (and
application objects) are stored. maybe i have a wrong way of
approaching the problem and you can help?!

what makes it more difficult is that extranet2 does not allow
anonymous reads, so somehow i have to provide a password when server A
is trying to access the leaf ou=netm,ou=people,o=netmldap or can i
configure an acl like this on extranet2:

access to dn.subtree="ou=smsm,ou=ldapaccounts,ou=netm,ou=people,o=netmldap"
    by peername="<FQDN of server A>" read

thanx for your help!

regards,
carsten

6D1A 14B0 B36D 24A8 0517  9413 29BB 30A0 BE3D 4FAF
-- 
"The number of UNIX installations has grown to 10, with more
expected." (6/72)