[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need some help with OpenLDAP rights

To: openldap-software@openldap.org
Subject: Re: Need some help with OpenLDAP rights
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Sun, 31 Jan 2010 09:27:54 +0100
In-reply-to: <20100130000333.151940@gmx.net> (Guenter Knauf's message of "Sat, 30 Jan 2010 01:03:33 +0100")
References: <20100130000333.151940@gmx.net>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

"Guenter Knauf" <eflash@gmx.net> writes:

> Hi all, I have a relatively simple requirement to grant some OpenLDAP
> rights ....  my OpenLDAP directory looks like that: root
>     \
>      ou=managers
>      ou=webprojects
>                    \
>                     ou=groups
>                     ou=users
>
> now I need to grant full rights for users (InetOrgPerson) in
> ou=managers to ou=webprojects so that they can create/modify/delete
> users and groups in ou=groups,ou=webprojects and
> ou=users,ou=webprojects, also I would like to have users be able to
> modify their own entries.  For a start I tried some settings in
> slapd.conf, f.e.:
>
> access to dn.base="" by * read 
> access to dn.base="cn=Subschema" by * read 
> access to dn.base="ou=webprojects" by users write 

this should be 
access to d.subtree="ou=webprojekts by users write
For more information see slapd.access(5)

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E

References:
- Need some help with OpenLDAP rights
  - From: "Guenter Knauf" <eflash@gmx.net>

Prev by Date: Need some help with OpenLDAP rights
Index(es):
- Chronological
- Thread