[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need some help with OpenLDAP rights

"Guenter Knauf" <eflash@gmx.net> writes:

> Hi all, I have a relatively simple requirement to grant some OpenLDAP
> rights ....  my OpenLDAP directory looks like that: root
>     \
>      ou=managers
>      ou=webprojects
>                    \
>                     ou=groups
>                     ou=users
> now I need to grant full rights for users (InetOrgPerson) in
> ou=managers to ou=webprojects so that they can create/modify/delete
> users and groups in ou=groups,ou=webprojects and
> ou=users,ou=webprojects, also I would like to have users be able to
> modify their own entries.  For a start I tried some settings in
> slapd.conf, f.e.:
> access to dn.base="" by * read 
> access to dn.base="cn=Subschema" by * read 
> access to dn.base="ou=webprojects" by users write 

this should be 
access to d.subtree="ou=webprojekts by users write
For more information see slapd.access(5)


Dieter Klünter | Systemberatung