learning olcAccess
- To: openldap-technical@openldap.org
- Subject: learning olcAccess
- From: Lists Nethead <lists@nethead.se>
- Date: Sun, 18 Mar 2018 16:54:32 +0100
- User-agent: Horde Application Framework 5
Hi all,
First post here, and it is asking for advice on an access rule. Setup is,
+-dc=example,dc=com
+--ou=somedomain
+---uid=someuser,ou=somedomain,dc=example,dc=com
+--ou=someotherdomain
+---uid=otheruser,ou=someotherdomain,dc=example,dc=com
+--ou=yetanotherdomain
The ruleset so far that seems to work is
to dn.base="" by * read
to dn.base="cn=subschema" by * read
to attrs=userPassword by dn.base="cn=admin,dc=example,dc=com" write by dn.base="uid=otheradmin,ou=System,dc=example,dc=com" write by self write by anonymous auth by * none
to * by dn.base="uid=someadmin,ou=System,dc=example,dc=com" write by self read by peername.ip=<address>%255.255.255.0 read by peername.ip=<address>%255.255.255.0 read by peername.ip=<address>%255.255.255.0 read by users tls_ssf=256 read by * none
What I want next is that
"uid=someuser,ou=somedomain,dc=example,dc=com" should be able to
administer accounts in "ou=somedomain" and likewise for other "ou=".
My guess is that a group with admin accounts is the way to go but
right now my eyes are bleeding after reading the whole day about
access rules...
Thanks,
//per
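Added example, not part of the post above: one way to express the per-ou delegation the poster asks for, using the group approach he guesses at. It assumes the database is olcDatabase={1}mdb,cn=config, that a groupOfNames named cn=<ou>-admins exists under ou=System for each delegated ou, and that slapd.access(5)'s dn.regex target with the group.expand style behaves as described in the comments.

```ldif
# Each target under ou=<name>,dc=example,dc=com is delegated to the group
# cn=<name>-admins,ou=System (assumed naming). Keeping the admin groups
# outside the delegated subtree stops delegates from editing their own
# group membership, which they could do if the group lived under their ou.
# slapd uses the first "to" clause whose target matches, so the delegation
# clause is placed before "to attrs=userPassword" and "to *"; the
# "+0 break" line grants nothing extra and falls through to the next clause,
# so everyone else keeps the access the later clauses give them.
# Folded lines start with two spaces because LDIF strips the first one.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=subschema" by * read
olcAccess: {2}to dn.regex="^(.+,)?ou=([^,]+),dc=example,dc=com$"
  by group.expand="cn=$2-admins,ou=System,dc=example,dc=com" write
  by * +0 break
# Note: the delegation clause also grants write on userPassword inside the
# ou; move it after the userPassword clause if delegates must not set them.
olcAccess: {3}to attrs=userPassword
  by dn.base="cn=admin,dc=example,dc=com" write
  by dn.base="uid=otheradmin,ou=System,dc=example,dc=com" write
  by self write
  by anonymous auth
  by * none
# <address> placeholders are copied from the post; repeat one "by
# peername.ip" line per subnet as in the original ruleset.
olcAccess: {4}to *
  by dn.base="uid=someadmin,ou=System,dc=example,dc=com" write
  by self read
  by peername.ip=<address>%255.255.255.0 read
  by users tls_ssf=256 read
  by * none
```

Apply with `ldapmodify -Y EXTERNAL -H ldapi:/// -f delegation.ldif`, then confirm the result with slapacl, e.g. `slapacl -D "uid=someuser,ou=somedomain,dc=example,dc=com" -b "uid=otheruser,ou=someotherdomain,dc=example,dc=com" entry/write` should report no access while the same check inside ou=somedomain reports ALLOWED.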