
Re: OpenLDAP permissions question


I have been trying to understand OpenLDAP configuration for a while.
It is a challenge for me. Even people on this list, who know OpenLDAP
[unlike yours truly] are at times contradicting one another. As we
see from this thread, there are others confused about access
configuration, too.
If not for your and others' help, I would not even understand as much.

Seems to me that not many know how to write ACLs for OpenLDAP. This is
obviously moot. I just need to figure out what can be done, this time. I
am not an administrator. If I can get my program, utilizing OpenLDAP
as a backend, to work, I will be happy enough. :)

Of course, unless someone suggests something that works, I have no
choice but to analyze every example out there, at least for a bit longer.
I figure that if nothing comes through by Sunday, I should consider
throwing the backend away and switching to a different architecture.
Obviously OpenLDAP works well, but if I am not smart enough to get it
to work as needed, it is not much good to me.


Igor Shmukler

On Friday, March 20, 2015, Michael Ströder <michael@stroeder.com> wrote:
> Igor Shmukler wrote:
>> If there is no way to grant access to all records across all databases
>> to cn=config [because it is not a user], I would go for having a
>> [different] user who can delete records in multiple DITs[, by invoking
>> LDAPI or whatever].
> You should really analyze this example configuration:
> https://build.opensuse.org/package/view_file/home:stroeder:branches:network:ldap/openldap2/slapd.conf.example?expand=1
> Ciao, Michael.