[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP permissions question


Igor Shmukler schrieb (20.03.2015 11:59 Uhr):

- or make your first steps with ACLs and another user entry.
What do I do here?
read about ACL in the man pages and the admin guide!?

Do you need multiple mappings?

I understand that config database would allow me to have unto fifty
mapping. I just don't understand those could work for my need.

As you are one user on your system, this maps to one user in ldap with
As Micheal already posted:


uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.

I don't understand how this COULD work. Please explain why admin in
DIT 1 would have manage right to DIT 2.
He don't have to! But he can.

Go back to:

- Configure a rootdn with rootpw for each database. Use this to
  authenticate to slapd und modify things.
  This works? Fine, go on.
- Create a user entry inside your DIT
  _for every database admin you want_.
  Use _these entries_ as rootdn (one per database!).
  This works? Fine, go on.
- Delete the rootdn from config and make the user entry admin by an ACL.