
Re: cross DIT/TLD rootdn - or allow a foreign rootdn



lejeczek wrote:
> Having multiple top level domains

Let's use clear terminology.
You probably mean the naming context, DB suffix.

> I wanted to allow rootdn from other domain
> (say B) to have similar access rights to rootdn of home domain (say A)
> and I put this into config of A domain
> 
> to *  by dn="cn=manger,dc=B,dc=topdom" manage
> 
> but I get infamous:
> 
> Insufficient access (50)
>     additional info: no write access to parent
> 
> Is possible what I try to do, does LDAP allow, i prepared for such a scenario?
> If yes can I get some light shed on what I got wrong or did not get at all.

This is definitely possible but I would not use the rootdn of a DB suffix for
this. I'd rather define a group (in any naming context) and assign rights to
this group.

Also we have to see your complete config to see whether things are complete.

Make sure to read and understand slapd-access(5):

http://www.openldap.org/software/man.cgi?query=slapd.access

Ciao, Michael.
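
The group-based approach suggested in the reply above, as an added example that is not part of the original message or of the poster's configuration. It assumes both suffixes are served by the same slapd with cn=config; the group name, member DN and database index `{1}mdb` are hypothetical.

```ldif
# Constructed example. Only the dc=A,dc=topdom / dc=B,dc=topdom suffixes
# come from the thread; every other name below is an assumption.

# 1) An admin group, stored here in naming context B. Members are
#    ordinary admin accounts, not the rootdn of either database.
dn: cn=ldapadmins,dc=B,dc=topdom
changetype: add
objectClass: groupOfNames
cn: ldapadmins
member: uid=admin1,ou=people,dc=B,dc=topdom

# 2) Grant that group "manage" on the database holding dc=A,dc=topdom.
#    slapd stops at the first <what> clause that matches, so the rule is
#    inserted at position {0}, ahead of more specific rules.
#    "by * break" lets everyone else fall through to the rules after it.
#    group.exact uses the default groupOfNames/member lookup.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by group.exact="cn=ldapadmins,dc=B,dc=topdom" manage
  by * break
```

The first record is loaded with a bind that can write to dc=B,dc=topdom and the second with one that can write to cn=config. Access can then be changed by editing the group's `member` values rather than the ACL.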
