Adding new People in OpenLDAP
Hi all.
I wrote to the list a few weeks ago with a problem concerning adding new
people (entries) in a hierarchy and the appropriate access rules.
I have managed to make it work. It appears that it was a combination
of too many spaces (between ","s) and the wrong sequence of directives:
"access to * by self write" seems to break it if it's mentioned in the
beginning of the rules (???).

My current problem is that I still can't get it to work with the
"dnattr" attribute. Any ideas?
----------------------------------------------------------
defaultaccess read

access to dn=".*,o=BIBA,c=DE"
        by dn="uid=fks,ou=PPC,o=BIBA,c=DE" write
        by dn="uid=fre,ou=PPC,o=BIBA,c=DE" write
#       by dnattr=manager write

access to attribute=userPassword
        by dn="uid=root,o=BIBA,c=DE" write
        by self write
        by dn="^$" none
        by * none

access to * by dn="uid=root,o=BIBA,c=DE" write
access to * by self write
----------------------------------------------------------
dn: o=BIBA,c=DE
description: BIBA
objectclass: organization

dn: ou=PPC,o=BIBA,c=DE
ou: PPC
description: BIBA PPC
objectclass: organizationalUnit
manager: uid=fks,ou=PPC,o=BIBA,c=de
manager: uid=fre,ou=PPC,o=BIBA,c=de
----------------------------------------------------------
I have gathered (from reading the list) that there is some sort of
group mechanism that can also be used to handle this issue, but the
dnattr solution would be much better for us as it would allow us to skip
creating all those groups. The problem is that we are going to need
*many* groups if dnattr doesn't work.
--
I've been asked if vi was an easy editor to learn, whether it was intuitive
or not. My general response to this question is: "Yes, some of us think so.
But most people think that we are crazy."
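
Added example, not part of the original post: a simplified Python model of the first-match order in which slapd is documented to evaluate access directives, applied to rules shaped like the ones posted. It is not slapd's code; the helper names and the uid=abc entry are constructed for illustration, and it assumes dnattr is checked against the entry being accessed.

```python
import re

def norm(dn):
    """Lower-case a DN and drop spaces so comparisons ignore both."""
    return re.sub(r"\s+", "", dn).lower()

def who_matches(who, requester, entry):
    if who == "*":
        return True
    if who == "self":
        return norm(requester) == norm(entry["dn"])
    if who.startswith("dnattr="):
        # Assumption: the requester's DN must be a value of this attribute
        # in the entry being accessed.
        values = entry.get(who[len("dnattr="):], [])
        return norm(requester) in [norm(v) for v in values]
    # Otherwise a dn=<regex> selector, matched against the requester's DN.
    return re.search(who[len("dn="):], norm(requester), re.I) is not None

def granted(rules, requester, entry, attr=None):
    """Level given by the first matching directive and its first matching
    'by' clause; None when that directive has no matching 'by'."""
    for what_dn, what_attr, by_clauses in rules:
        if what_attr is not None and what_attr != attr:
            continue
        if what_dn != "*" and not re.search(what_dn, norm(entry["dn"]), re.I):
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, entry):
                return level
        return None  # later directives are never consulted
    return None

FKS = "uid=fks,ou=PPC,o=BIBA,c=DE"
ROOT = "uid=root,o=BIBA,c=DE"
# The ou entry from the post's LDIF, plus a constructed person entry.
OU = {"dn": "ou=PPC,o=BIBA,c=DE",
      "manager": ["uid=fks,ou=PPC,o=BIBA,c=de", "uid=fre,ou=PPC,o=BIBA,c=de"]}
PERSON = {"dn": "uid=abc,ou=PPC,o=BIBA,c=DE"}

SUBTREE = (".*,o=BIBA,c=DE", None, [("dnattr=manager", "write")])
ROOT_ALL = ("*", None, [("dn=" + ROOT, "write")])
SELF_ALL = ("*", None, [("self", "write")])

if __name__ == "__main__":
    posted_order = [SUBTREE, ROOT_ALL, SELF_ALL]
    print(granted(posted_order, FKS, OU))       # manager listed on the ou
    print(granted(posted_order, FKS, PERSON))   # no manager on this entry
    print(granted([SELF_ALL] + posted_order, FKS, OU))  # self rule first
```

A result of None means no "by" clause granted anything, so a write is refused under the posted "defaultaccess read".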