Security question.



Hi. Was wondering if somebody could help me with a problem I am
having.  I am trying to make an administrator group in my LDAP server that
will be able to administer all entries in the base dn (similar to the
Manager's rights).  I have this in my LDAP server: 

cn=Administrators,dc=<my domain>,dc=net
cn=Administrators
objectclass=groupofNames
objectclass=top
member=cn=<member1>,dc=<my domain>,dc=net
member=cn=<member2>,dc=<my domain>,dc=net

I have this in my slapd.conf:

defaultaccess read
access to dn="cn=*,dc=<my domain>,dc=net"
	by self write
	by dn="cn=Manager,dc=<my domain>,dc=net" write
	by dn="cn=Administrators,dc=<my domain>,dc=net" write
	by * read

This allows Manager to write, but when I try to write with member1, who
is in the Administrators group, I get insufficient rights.  Could somebody
please help me out?  Thanks in advance...


Cliff Friedel
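
Added example, not part of the original post: in slapd access rules a `by dn=` clause is compared with the DN the client bound as, while membership in a group entry is tested with the `group` who-clause, so the Python check below flags `by dn=` clauses that name a group entry. It assumes a slapd build that supports the `group` clause; the `example.net` suffix, the sample config and LDIF are constructed, and `norm`, `group_dns` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample input modelled on the post; example.net replaces "<my domain>".
SLAPD_CONF = '''\
defaultaccess read
access to dn="cn=*,dc=example,dc=net"
    by self write
    by dn="cn=Manager,dc=example,dc=net" write
    by dn="cn=Administrators,dc=example,dc=net" write
    by * read
'''

LDIF = '''\
dn: cn=Administrators,dc=example,dc=net
objectClass: groupOfNames
member: cn=member1,dc=example,dc=net

dn: cn=member1,dc=example,dc=net
objectClass: person
'''

GROUP_CLASSES = {"groupofnames", "groupofuniquenames"}
BY_DN = re.compile(r'^\s+by\s+dn(?:\.\w+)?="([^"]+)"\s+(\S+)', re.IGNORECASE)

def norm(dn):
    """Lower-case a DN and drop spaces around commas so DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_dns(ldif):
    """Normalized DNs of LDIF entries that carry a group objectClass."""
    groups = set()
    for block in ldif.strip().split("\n\n"):
        attrs = [tuple(s.strip() for s in l.split(":", 1)) for l in block.splitlines() if ":" in l]
        classes = {v.lower() for k, v in attrs if k.lower() == "objectclass"}
        if classes & GROUP_CLASSES:
            groups.update(norm(v) for k, v in attrs if k.lower() == "dn")
    return groups

def lint(conf, ldif):
    """Return (line number, suggested clause) for each 'by dn=' naming a group entry."""
    groups = group_dns(ldif)
    findings = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = BY_DN.match(line)
        if m and norm(m.group(1)) in groups:  # no member ever binds as the group's own DN
            findings.append((lineno, f'by group="{m.group(1)}" {m.group(2)}'))
    return findings

if __name__ == "__main__": print(lint(SLAPD_CONF, LDIF))
```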