[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to create a directory admin group

To: Onno van der Straaten <onno.van.der.straaten@gmail.com>
Subject: Re: How to create a directory admin group
From: Dan White <dwhite@olp.net>
Date: Sun, 6 Jan 2013 17:47:35 -0600
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CADKMi6Lvz3--zVcUkjzVMraD7VYfJeTQfwTOOxavcdvwB+E1xg@mail.gmail.com>
References: <CADKMi6Lvz3--zVcUkjzVMraD7VYfJeTQfwTOOxavcdvwB+E1xg@mail.gmail.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On 01/05/13 12:27 +0100, Onno van der Straaten wrote:

How can I define a admin group for my directory? Currently I have one admin
account, the one that was created during installation, cn=Manager,
dc=my-domain, dc=com. I would like to create a group for example
cn=ldap-admins,dc=my-domain,dc=com and then make users member of this group
to grant them privilege to do admin work on the directory similar to
cn=Manager.


The admin account you reference is the rootdn, which has no ACL
restrictions.

I suppose I have to add access rules. But where and how I don't know.


Right. You'd create a group, and then configure your ACLs appropriately.
See section 8.4.4 of the OpenLDAP Administrator's Guide for an example, and
the slapd.access and slapacl manpages.

--
Dan White

References:
- How to create a directory admin group
  - From: Onno van der Straaten <onno.van.der.straaten@gmail.com>

Prev by Date: Re: Bind failing with "critical extension is unavailable" error when used with pagedresultscontrol
Next by Date: Re: How to change the base dn after installation
Index(es):
- Chronological
- Thread