[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do I allow root to edit mdb database?

Subject: Re: How do I allow root to edit mdb database?
From: John Lewis <oflameo2@gmail.com>
Date: Tue, 2 Aug 2016 08:45:44 -0400
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:cc:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=7mznM3nk+HoNICvIj7EuLITOi3FS8rod3tObvZYTkos=; b=kzC8XyfO8KlwjlHE6dEM5BLFEhR4itx4jaS81yx+klaqmnjN0d9onn6dE7CrTWLuLN io12ZJirYvIEg1SkmsFyQJ4eKAW3y502ewvk04fiVxw4b9Qa2sNle83UcHJjO+ef+zA7 urw4nrPb5NvDfNasu5qzbbgXOTk1UIWxwxBwhRUcybcVsTiS9AedgQvNlk4JZWpItn8a Rjt90foVs7uxBcrowrZE4/kiGuzt1YV8tArajaTZZt4cHPedmur5SDXfs56flO1eWhU1 FAqnXFcZ3szISVIhuPdExtthEDGPlLad+f2uRCbs5SS/j2Pdoyyx2F4O1r3n87I3vpVd CxZA==
In-reply-to: <e3942c42-4616-8077-a186-3b900ec3a6e5@gmail.com>
References: <b96fc521-78e1-7936-08a5-66b304e7f4d0@gmail.com> <20160802111532.060a141e@pink.avci.de> <142914fa-9c96-7e54-7ce7-286c9b0c1ca9@gmail.com> <b37b661a-db9d-7fda-9c8d-18d81f081115@usit.uio.no> <e3942c42-4616-8077-a186-3b900ec3a6e5@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.1.0

On 08/02/2016 08:29 AM, John Lewis wrote:
> On 08/02/2016 08:17 AM, Hallvard Breien Furuseth wrote:
>> On 02. aug. 2016 13:15, John Lewis wrote:
>>> If I wanted to map the permissions from
>>> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my
>>> olcRootDN: which I will call cn=Manager,dc=example,dc=com which is the
>>> olcRootDN: for dn: olcDatabase={1}mdb,cn=config, how would I do it?
>> Set the global directive olcAuthzRegexp (in cn=config) aka authz-regexp
>> (in slapd.conf) to
>> "^gidNumber=0[+]uidNumber=0,cn=peercred,cn=external$"
>> "cn=Manager,dc=example,dc=com"
>>
>>
> Slapd.conf? That is deprecated so I don't use it at all. I use ldapvi or
> ldbedit instead and connect using cn=config as the  base and
> cn=admin,cn=config as the bind dn.
>
> They both render the directory as a file and run the ldap query behind
> the scenes.
>
>
I thought I figured out what you meant and I tried to add olcAuthzRegexp
as an attribute but I got this error.

failed to modify olcDatabase={1}mdb,cn=config - LDAP error 65
LDAP_OBJECT_CLASS_VIOLATION -  <attribute 'olcAuthzRegexp' not allowed> <>

Follow-Ups:
- Re: How do I allow root to edit mdb database?
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

References:
- How do I allow root to edit mdb database?
  - From: John Lewis <oflameo2@gmail.com>
- Re: How do I allow root to edit mdb database?
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: How do I allow root to edit mdb database?
  - From: John Lewis <oflameo2@gmail.com>
- Re: How do I allow root to edit mdb database?
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>
- Re: How do I allow root to edit mdb database?
  - From: John Lewis <oflameo2@gmail.com>

Prev by Date: Re: How do I allow root to edit mdb database?
Next by Date: In-Reply-To: AdHrvUgXFwns0ylwRzawJ6D0CewYvg==
Index(es):
- Chronological
- Thread