Re: acl sets don't appear to work

--On Saturday, January 21, 2006 2:47 PM -0500 Robert Kean <rkean@keanconsulting.com> wrote:

I'm running OpenLDAP 2.1.30 on a Gentoo Linux system. I've been running this with samba 3.0.14a very successfully for over a year. When I set this system up, I followed the howto presented by idealx.org, and I've been pretty happy with the results.

But, recently, I decided that logging in as root and/or cn=Manager to do
maintenance on the DIT was not a very good idea.  I figured, having a
"Domain Admins" group defined in my ldap directory should provide me with
an excellent control for who can/cannot edit the DIT...

Regretfully, the memberUID attribute only stores the shortname for users, so this has complicated setting up ACLs for superuser access to the
I discovered ACL sets.  But, I can't seem to get them working.

I believe ACL sets weren't introduced until OpenLDAP 2.2. Of course, OpenLDAP 2.1 and 2.2 are historic releases now, and 2.3.X is the current release branch. You are running a very old version of OpenLDAP. ;)
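As an added illustration (not part of either message above, and not Robert's actual configuration), here is the shape of a slapd.conf ACL that uses a set to grant write access only to users listed in a posixGroup whose memberUid values are short usernames. The base DN, the group DN and the attribute names are assumed. As the reply notes, the set= clause only exists from OpenLDAP 2.2 onwards; the commented group/ form underneath works on 2.1 but needs a group whose member attribute holds full DNs, which is exactly what a memberUid-based group does not provide.

```conf
# slapd.conf excerpt (added example; assumed DNs: dc=example,dc=com and
# cn=Domain Admins,ou=Groups,dc=example,dc=com).

# OpenLDAP 2.2+ only. The left-hand set is the memberUid values of the
# group entry; the right-hand set is the uid attribute of the bound
# user's own entry. A non-empty intersection means the bound user is
# listed in the group, so write access is granted; everyone else reads.
access to dn.subtree="dc=example,dc=com"
    by set="[cn=Domain Admins,ou=Groups,dc=example,dc=com]/memberUid & user/uid" write
    by * read

# Available on 2.1 as well, but only for a group that stores full DNs
# (objectClass groupOfNames, attribute member), not posixGroup/memberUid:
#
# access to dn.subtree="dc=example,dc=com"
#     by group/groupOfNames/member="cn=Domain Admins,ou=Groups,dc=example,dc=com" write
#     by * read
```

Keep the clause for userPassword (and any other sensitive attributes) above a subtree rule like this one, since slapd stops at the first access line whose "to" part matches. On 2.3, slapacl -D <bound dn> -b <target dn> lets you confirm which bind DNs actually get write on a target entry before restarting slapd.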