[Date Prev][Date Next]
Re: overlay unique - multiple suffixes
there are different reasons for this strict distinction. Especially for
I think I have to choose the same naming context for both suffixes, if I
would create a meta database and put slapo-unique there.
Is it an alternative? If it is, could I create a meta database with
different naming contexts?
Aaron Richton schrieb:
On Tue, 29 Jul 2008, Michael Ströder wrote:
I have two suffixes with two bdb backends, in the first suffix you
find internal and in the second suffix you find external users.
You could glue the suffixes together under a common suffix if it does
not violate your security requirements and place slapo-unique there.
Presumably, the two suffix values are known in advance as constants.
Therefore it should be fairly trivial to write ACLs along the lines of:
access to dn.subtree="ou=Area1,dc=suffix" [mostlyAllow]
access to dn.subtree="ou=Area2,dc=suffix" [mostlyAllow]
access to dn.subtree="dc=suffix" [mostlyDeny]
which should allow slapo-unique to be used (under access internal to
slapd) while not granting additional access to the external world.