Re: one user access all databases
Ok,
I found the solution.
I need to define an IDAssert per database like this:
database meta
suffix "dc=ntws,dc=nl"
uri "ldaps://ldapcons0.domain.nl/dc=domain,dc=nl"
idassert-bind bindmethod=simple
    binddn="uid=proxy,ou=Service,dc=service,dc=domain,dc=nl"
    credentials="U may guess"
    mode=none
uri "ldaps://ldapcons1.domain.nl/dc=domain,dc=nl"
idassert-bind bindmethod=simple
    binddn="uid=proxy,ou=Service,dc=service,dc=domain,dc=nl"
    credentials="U may guess"
    mode=none
Thanks for your help and answers
Regards,
Hendrik van der Ploeg
Noordwijkerhout
The Netherlands
> On Tuesday, 22 March 2011 12:12:53 Hendrik van der Ploeg wrote:
>> ok thanks,
>>
>> But how can I set the user in a separate database to have access to a
>> different database?
>
>> > Use a separate local database with a suitable backend (e.g. hdb or bdb).
>
> Any "local" DN can appear in access control statements for any other
> database.
>
> Here is one example (allowing "local" users in dc=ranger,dc=dnsalias,dc=com
> access to cn=config)
>
> [bgmilne@tiger ~]$ ldapsearch -Q -LLL -b cn=config "(olcDatabase=config)" olcAccess
> dn: olcDatabase={0}config,cn=config
> olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsalias,dc=com" ssf=112 write
> olcAccess: {1}to * by * none
>
> [bgmilne@tiger ~]$ ldapwhoami -Q
> dn:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
> [bgmilne@tiger ~]$ ldapcompare -Q 'cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsalias,dc=com' member:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
> TRUE
>
> (BTW, please keep replies on-list, and while we're at it, try to avoid
> unnecessary top-posting)
>
> Regards,
> Buchan
>
>
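
An added example, not part of the original thread or of OpenLDAP: a small Python check that groups the per-target idassert-bind settings of a "database meta" section like the one at the top of this message, and reports targets that have none or that send a simple bind without TLS. The sample configuration, hostnames and password are constructed; the parsing is simplified (it ignores defaults placed before the first uri), and treating only starttls=critical as protecting a plain ldap:// target is an assumption of this check.

```python
import shlex

# Constructed sample (hosts, DNs and password are placeholders, not from the post).
SAMPLE = '''\
database meta
suffix "dc=example,dc=net"
uri "ldaps://ldap-a.example.net/dc=example,dc=net"
idassert-bind bindmethod=simple
  binddn="uid=proxy,ou=Service,dc=example,dc=net"
  credentials="constructed secret"
  mode=none
uri "ldap://ldap-b.example.net/dc=example,dc=net"
idassert-bind bindmethod=simple
  binddn="uid=proxy,ou=Service,dc=example,dc=net"
  credentials="constructed secret"
uri "ldaps://ldap-c.example.net/dc=example,dc=net"
'''

def logical_lines(text):
    """Join continuation lines: leading whitespace continues the previous line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def meta_targets(text):
    """One dict per `uri` target of a `database meta` section, with its idassert-bind."""
    targets, in_meta = [], False
    for words in map(shlex.split, logical_lines(text)):
        key = words[0].lower()
        if key == "database":
            in_meta = words[1].lower() == "meta"
        elif in_meta and key == "uri":
            targets.append({"uri": words[1], "idassert": None})
        elif in_meta and key == "idassert-bind" and targets:
            targets[-1]["idassert"] = dict(w.split("=", 1) for w in words[1:] if "=" in w)
    return targets

def audit(text):
    """Return (uri, finding) pairs; only starttls=critical counts as TLS (assumption)."""
    findings = []
    for t in meta_targets(text):
        ia = t["idassert"]
        if ia is None:
            findings.append((t["uri"], "no idassert-bind"))
        elif (ia.get("bindmethod") == "simple" and ia.get("starttls") != "critical"
              and not t["uri"].lower().startswith("ldaps://")):
            findings.append((t["uri"], "simple bind without TLS"))
    return findings
```

If the continuation lines lose their leading whitespace, the binddn, credentials and mode settings are no longer attached to idassert-bind, which meta_targets() makes visible.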