[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cross DIT/TLD rootdn - or allow a foreign rootdn

lejeczek wrote:
> Having multiple top level domains

Let's use clear terminology.
You probably mean the naming context, DB suffix.

> I wanted to allow rootdn from other domain
> (say B) to have similar access rights to rootdn of home domain (say A)
> and i put this into config of A domain
> to *  by dn="cn=manger,dc=B,dc=topdom" manage
> but I get infamous:
> Insufficient access (50)
>     additional info: no write access to parent
> Is possible what I try to do, does LDAP allow, i prepared for such a scenario?
> If yes can I get some light shed on what I got wrong or did not get at all.

This is definitely possible but I would not use the rootdn of a DB suffix for
this. I'd rather define a group (in any naming context) and assign rights to
this group.

Also we have to see your complete config to see whether things are complete.

Make sure to read and understand slapd-access(5):


Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature