[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Granting write to ou

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Granting write to ou
From: Howard Chu <hyc@symas.com>
Date: Wed, 22 Dec 2010 11:44:23 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <20101222203220.6ca88783@rubin.avci.de>
References: <4D12014A.90709@domingo.dk> <20101222203220.6ca88783@rubin.avci.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b8pre) Gecko/20101024 Firefox/4.0b8pre SeaMonkey/2.1b2pre

Dieter Kluenter wrote:

Am Wed, 22 Dec 2010 14:46:50 +0100
schrieb "Thomas D. Dahlmann"<domingo@domingo.dk>:

Hi

I'm trying to add ordinary users write access to a specific ou.

I've googled a lot and haven't really found any useful regarding to
openldap 2.4 (slapd.d format).

What would be the correct syntax for a ldapmodify command to
accomplish this to the dn: ou=addressbook,dc=example,dc=net ?


something like:
ldapmodify -D "cn=config" -W -H ldap://some.host
dn:olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {1} to dn.subtree="ou=addressbook,dc=example,dc=net" by
  users write by * read
-

The numbers {1} are fictious, replace with your real values.

Do not supply the {x} numbers at all when you're just doing a replace. slapdgenerates them itself, so there's no need.

You only need to provide the {x} numbers when you actually want to reference aspecific value in a multivalued attribute. Even then, they're just aconvenience, not absolutely essential.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Granting write to ou
  - From: "Thomas D. Dahlmann" <domingo@domingo.dk>
- Re: Granting write to ou
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: Granting write to ou
Next by Date: Openldap Authentication
Index(es):
- Chronological
- Thread