RE: Setting up groups under OpenLDAP
According to my understanding of the FAQ page
(http://www.openldap.org/faq/data/cache/52.html), I can set up the entry
"cn=Administrators,ou=groups,o=cascade,c=au", and set its objectclass
attribute to groupofNames. Then I set its member attribute to include the
value "uid=dan,ou=people,o=cascade,c=au".
The
    access to *
        by group "cn=Administrators,ou=groups,o=cascade,c=au" write
        by dn=".+" read
        by * read
rule then should hopefully mean that if I bind to the server as any name
specified in the named group's member attribute, I should be given write
permission to any entry in the database. Is this a correct assumption?
I've just noticed that I haven't set the objectclass for
cn=Administrators... to "top". Will this affect things?
Cheers,
D.
Dan Makovec
e-mail dan@fatcanary.com.au
ICQ 1398090
Every day is a gift, that's why the present is so named
> -----Original Message-----
> From: Benjamin de los Angeles Jr. [mailto:bench@surfshop.net.ph]
> Sent: Monday, 17 April 2000 19:10
> To: Dan
> Cc: openldap-software@openldap.org
> Subject: RE: Setting up groups under OpenLDAP
>
>
>
> What's the access permission for
>
> access to *
> by group="cn=Administrators,ou=groups,o=cascade,c=au"
>
>
>
> On Mon, 17 Apr 2000, Dan wrote:
>
> > Hi there,
> >
> > > Error code 50 means you have insufficient access. It's true, acl's are
> > > applied to the user used to bind to LDAP. Make sure you are binding as a
> > > user with the right acl to modify things.
> >
> > Yeah I bind as uid=dan, which should be a member of the cn=Administrators
> > group, which should be configured to have write access to all in slapd.conf
> > (see the original message). Any ideas which acl setting I may have missed?
> >
>
>
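
The access rule discussed in the message above, modelled as a small Python sketch. This is an added example, not part of the original thread and not OpenLDAP code; it assumes slapd's first-match evaluation of `by` clauses and a simplified DN comparison, and the function names and the second user (uid=eve) are hypothetical.

```python
import re

# Constructed directory data mirroring the entries named in the message.
GROUP_DN = "cn=Administrators,ou=groups,o=cascade,c=au"
DIRECTORY = {
    GROUP_DN: {
        "objectclass": ["top", "groupOfNames"],
        "member": ["uid=dan,ou=people,o=cascade,c=au"],
    },
}

# The rule from the message as ordered (who-type, who-value, level) clauses.
ACL = [
    ("group", GROUP_DN, "write"),
    ("dn", ".+", "read"),
    ("*", None, "read"),
]


def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_member(bind_dn, group_dn):
    """True if bind_dn is listed in the group's member attribute."""
    entries = {norm(k): v for k, v in DIRECTORY.items()}
    group = entries.get(norm(group_dn))
    if group is None:  # missing group entry: the clause never matches
        return False
    return norm(bind_dn) in {norm(m) for m in group.get("member", [])}


def access_for(bind_dn, acl=ACL):
    """Return the level granted by the first matching 'by' clause."""
    for who, value, level in acl:
        if who == "group" and bind_dn and is_member(bind_dn, value):
            return level
        if who == "dn" and bind_dn and re.search(value, bind_dn):
            return level
        if who == "*":
            return level
    return "none"  # no clause matched


if __name__ == "__main__":
    for who in ["uid=dan,ou=people,o=cascade,c=au",
                "uid=eve,ou=people,o=cascade,c=au", ""]:  # "" = anonymous
        print(repr(who), "->", access_for(who))
```

Because evaluation stops at the first matching clause, placing the `dn=".+"` clause ahead of the group clause would leave group members with read access only.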