Re: OpenLDAP permissions question


Igor Shmukler wrote (20.03.2015 12:22):
> I do have entries for each database. If my suffix is, for example
> dc=test,dc=org, administrator would be cn=admin,dc=test,dc=org
> Administrators have manage access to their databases. This part is
> working fine. I add and remove records as needed. You also wrote one
> per database - this is exactly what I have.
> Unfortunately, despite all the help, I don't see how this is relevant.
I thought this is what you want!?

> The advice to read documentation is great. In fact, it never hurts.

> I am happy to offer a bounty to the person who can configure this. I need
> to keep my setup with one config database with multiple DITs.
This is the basic standard.
You only have one config database.
And one or more data databases.

> I need each DIT database to work as today
Whatever this is ...

> - be managed by an authenticated local/suffix root user.
One user per database was what I talked about.
One admin/manage/root user for all databases is even simpler: just use the same user in all your databases.

What you cannot do (IMHO) is mapping _one_ system user to _many_ LDAP users. But I don't think this is necessary.

> I need a way to alter records in any/every DIT
> database using another root - one that would work on ALL DITs.
Use ACL!

> If someone could do this before Sunday morning, please contact me to
> discuss compensation. If I don't get to a result by Sunday morning, I
> have to start changing the architecture so I can show something on
> Monday. :)
Good luck with that!
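The layout the reply recommends (one cn=config, a separate data database per DIT, each with its own suffix rootdn, and an ACL in every data database that grants one global administrator manage rights) looks like the following cn=config LDIF. This is an added example, not configuration from the thread or from the OpenLDAP project; the suffixes dc=test,dc=org, dc=other,dc=org and dc=admins,dc=org, the DNs cn=root,dc=admins,dc=org and cn=admin,<suffix>, the database directories, the {n} ordering and the placeholder password hashes are all assumptions chosen for illustration.

```ldif
# Added example (assumed names throughout): one cn=config, three back-mdb
# databases. dc=test,dc=org and dc=other,dc=org are the tenant DITs; each
# keeps its own rootdn, which bypasses ACLs only inside its own database.
# dc=admins,dc=org is a tiny third database whose rootdn serves as the
# global administrator: a rootdn/rootpw bind succeeds even if the entry
# cn=root,dc=admins,dc=org never exists, and no tenant suffix admin can
# reset that password because it lives in cn=config, not in their DIT.
# Replace the {SSHA} values with real output of slappasswd before loading.

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=admins,dc=org
olcDbDirectory: /var/lib/ldap/admins
olcRootDN: cn=root,dc=admins,dc=org
olcRootPW: {SSHA}replace-with-slappasswd-output
# Nothing is stored here; deny everyone but the rootdn (who bypasses ACLs).
olcAccess: {0}to * by * none

# Tenant DIT 1. The first olcAccess clause gives the global administrator
# manage on everything in this database. ACL evaluation stops at the first
# matching <access> directive, so that clause comes first; "by * break"
# sends every other bind on to the remaining, ordinary rules.
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix: dc=test,dc=org
olcDbDirectory: /var/lib/ldap/test
olcRootDN: cn=admin,dc=test,dc=org
olcRootPW: {SSHA}replace-with-slappasswd-output
olcAccess: {0}to * by dn.exact="cn=root,dc=admins,dc=org" manage by * break
olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {2}to * by self write by users read by * none

# Tenant DIT 2: the same pattern with a different suffix and suffix root.
dn: olcDatabase={3}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {3}mdb
olcSuffix: dc=other,dc=org
olcDbDirectory: /var/lib/ldap/other
olcRootDN: cn=admin,dc=other,dc=org
olcRootPW: {SSHA}replace-with-slappasswd-output
olcAccess: {0}to * by dn.exact="cn=root,dc=admins,dc=org" manage by * break
olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {2}to * by self write by users read by * none
```

Why this works: a simple bind is resolved server-wide, so after cn=root,dc=admins,dc=org authenticates (against its own database's rootpw), that DN is the connection's authorization identity in every database, and the `by dn.exact=... manage` clause in each tenant database matches it. The tenant rootdns, by contrast, are only special inside their own suffix and hold no rights elsewhere unless an ACL grants them, which is the "one admin per database" behaviour the thread asks to keep. Two checks worth running after loading this (with the config rootdn, or `-Y EXTERNAL -H ldapi:///` where that is how cn=config is administered): `ldapwhoami -D cn=root,dc=admins,dc=org -W` should return `dn:cn=root,dc=admins,dc=org`, and an `ldapmodify` as that DN against an entry under dc=other,dc=org should succeed while the same change as cn=admin,dc=test,dc=org is refused with insufficient access. Note that tenant admins cannot remove the global-admin clause, because olcAccess lives in cn=config and they have no write access there.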