
Need some help with OpenLDAP rights



Hi all,
I have a relatively simple requirement to grant some OpenLDAP rights ....
My OpenLDAP directory looks like this:
root
    \
     ou=managers
     ou=webprojects
                   \
                    ou=groups
                    ou=users

Now I need to grant full rights for users (InetOrgPerson) in ou=managers to ou=webprojects, so that they can create/modify/delete users and groups in ou=groups,ou=webprojects and ou=users,ou=webprojects. I would also like users to be able to modify their own entries.
For a start I tried some settings in slapd.conf, e.g.:

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to dn.base="ou=webprojects" by users write
access to *
	by self write
	by users read
	by anonymous auth

From my (most likely wrong) understanding this would mean that every user should be able to create/modify/delete every entry in and below ou=webprojects, but unfortunately this seems not to be the case. Instead I get all other sorts of woes like 'error: need stronger encryption' when I try to log in via a non-SSL connection etc.
I really don't need SSL since in my case the manager users will always only log in via a web application on localhost, so nothing goes over the wire.

Can someone please tell me the proper access rules for my requirements?

thanks, Günter.

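Added example, not part of the original post: a simplified Python model of slapd's first-match ACL evaluation as described in slapd.access(5), comparing the posted `dn.base="ou=webprojects"` rule with a `dn.subtree` rule that grants write only to entries below ou=managers. The suffix dc=example,dc=com, the entry names and the SCOPED rule set are assumptions; attribute lists, regex styles and break/continue controls are not modelled.

```python
# Simplified model of slapd ACL evaluation (slapd.access(5)); added example.
# Assumptions: suffix dc=example,dc=com, the entry names, and the SCOPED rules.
LEVELS = ["none", "auth", "read", "write"]
SUFFIX = "dc=example,dc=com"
MGRS, WEB = "ou=managers," + SUFFIX, "ou=webprojects," + SUFFIX
MANAGER = "cn=boss," + MGRS
ALICE, BOB = "uid=alice,ou=users," + WEB, "uid=bob,ou=users," + WEB

def dn_match(style, pattern, dn):
    """base: that exact DN only; children: entries below it; subtree: both."""
    dn, pattern = dn.lower(), pattern.lower()
    if style == "base":
        return dn == pattern
    below = dn.endswith("," + pattern)
    if style == "children":
        return below
    return style == "subtree" and (below or dn == pattern)

def who_match(who, requester, target):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous" or requester is None:
        return who == "anonymous" and requester is None
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == target.lower()
    return dn_match(who[0], who[1], requester)  # e.g. ("children", MGRS)

def granted(acl, requester, target):
    """First matching <what> is used, then its first matching <who>."""
    for what, by_clauses in acl:
        if what == "*" or dn_match(what[0], what[1], target):
            for who, level in by_clauses:
                if who_match(who, requester, target):
                    return level
            return "none"  # implicit "by * none" closes every clause
    return "none"          # implicit final "access to * by * none"

def allowed(acl, requester, target, wanted):
    return LEVELS.index(granted(acl, requester, target)) >= LEVELS.index(wanted)

HEAD = [(("base", ""), [("*", "read")]), (("base", "cn=Subschema"), [("*", "read")])]
TAIL = [("*", [("self", "write"), ("users", "read"), ("anonymous", "auth")])]
# As posted: base scope and no suffix, so entries below ou=webprojects never match.
POSTED = HEAD + [(("base", "ou=webprojects"), [("users", "write")])] + TAIL
# Assumed alternative: whole subtree, write limited to entries under ou=managers.
SCOPED = HEAD + [(("subtree", WEB), [(("children", MGRS), "write"),
                 ("self", "write"), ("users", "read"), ("anonymous", "auth")])] + TAIL
```

In slapd.conf syntax the assumed SCOPED rule reads `access to dn.subtree="ou=webprojects,dc=example,dc=com" by dn.children="ou=managers,dc=example,dc=com" write by self write by users read by anonymous auth`.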