
slapd-meta and acls



Hi list.

I'll try to ask again. :)

We want to use slapd-meta to aggregate several databases into one DIT. We suppose users will read and write the "o=vega" (virtual) suffix. Members of cn=sysadmins should have write access to all db objects.
Also, we would like to use ACLs per database, not global.


Currently, write access to ou=devel doesn't work and we can't find the error in our ACLs.

Could somebody help us? We can provide any extended information.

slapd.conf:
...
database        meta
suffix          "o=vega"
uri             "ldap://ldap.irka.int.masterhost.ru/ou=devel,ou=sites,o=vega"
suffixmassage   "ou=devel,ou=sites,o=vega" "ou=devel"
uri             "ldap://ldap.irka.int.masterhost.ru/o=vega"
suffixmassage   "o=vega" "o=vega-main"
...

database hdb
suffix ou=devel
...
access to dn.sub="ou=devel"
by group/groupOfUniqueNames/uniqueMember="cn=sysadmins,ou=groups,ou=vega-main" write
by * read
...


database        hdb
suffix          o=vega-main
...

We are using FreeBSD 7.0 amd64 and openldap-2.4.11

WBR.
Dmitriy