[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP permissions question


> - Configure a rootdn with rootpw for each database. Use this to
>   authenticate to slapd und modify things.
>   This works? Fine, go on.

Been working for a while

> - Create a user entry inside your DIT.
>   Use this entry as rootdn.
>   This works? Fine, go on.
> - Map this user entry from your local unix user with olcAuthzRegexp
>   to use with ldapi and EXTERNAL.
>   This works? Fine, go on.

I am with you.

> - or make your first steps with ACLs and another user entry.

What do I do here?

> Do you need multiple mappings?

I understand that config database would allow me to have unto fifty
mapping. I just don't understand those could work for my need.

> As you are one user on your system, this maps to one user in ldap with
> olcAuthzRegexp.
> As Micheal already posted:
> authz-regexp
>   "gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
>     "cn=root,dc=example,dc=com"
> uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.

I don't understand how this COULD work. Please explain why admin in
DIT 1 would have manage right to DIT 2.


Igor Shmukler