Re: acl sets don't appear to work
--On Saturday, January 21, 2006 2:47 PM -0500 Robert Kean
I'm running OpenLDAP 2.1.30 on a Gentoo Linux system. I've been running
this with Samba 3.0.14a very successfully for over a year. When I set
this system up, I followed the howto presented by idealx.org, and I've
been pretty happy with the results.
But, recently, I decided that logging in as root and/or cn=Manager to do
maintenance on the DIT was not a very good idea. I figured, having a
"Domain Admins" group defined in my LDAP directory should provide me with
an excellent control for who can/cannot edit the DIT...
Regretfully, the memberUID attribute only stores the shortname for users,
so this has complicated setting up ACLs for superuser access to the
I discovered ACL sets. But, I can't seem to get them working.
I believe ACL sets weren't introduced until OpenLDAP 2.2. Of course,
OpenLDAP 2.1 and 2.2 are historic releases now, and 2.3.X is the current
release branch. You are running a very old version of OpenLDAP. ;)
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html