Re: ACL Problem
On Thu, 02 Nov 2000, Jerry Han wrote:
> Hi,
>
> I'm using OpenLDAP 1.2.x. I want to grant some users super-user-like
> privileges. So, I create a DN - "cn=Directory
> Administrators,ou=Group,o=SJNS,c=CN", which contains the userids of the proper
> users.
>
> dn: cn=Directory Administrators, ou=Group, o=SJNS, c=CN
> memberuid: usr1
> memberuid: usr2
> memberuid: usr3
> objectclass: posixGroup
> objectclass: top
> cn: Directory Administrators

Change

    objectclass: posixGroup

to

    objectclass: groupOfNames

> And I have these ACL in slapd.conf file.
> #################################################################
> defaultaccess read
> access to attr=userpassword,sn,maildrop
> by self write
> by dn="cn=Directory Administrators,o=SJNS,c=CN" write
> by dn="cn=Directory Administrators,ou=Group,o=SJNS,c=CN" write
> by * read
>
> #################################################################

Change your slapd.conf to reflect the following:

    access to *
        by group="cn=Directory Administrators,o=SJNS,c=CN" write

> The problem is, when the users use their own DN
> ("uid=usr1,ou=people,o=SJNS,c=CN") to bind to the LDAP server, they still
> cannot modify any entry except their own DN.

Restart slapd so the new configuration will be read.

Also, on your defaultaccess of read... It may not be such a good idea to give
everybody read permissions to userpassword. Especially if you are storing
cleartext passwords.

Mike
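
The userpassword exposure raised at the end of this reply can be checked mechanically. The following is an added example, not code from the thread or from OpenLDAP: a small audit of slapd.conf access directives that reports which level a client matching only "by *" gets on an attribute. The function names and the TIGHTENED sample are constructed for illustration, and entry selectors (dn=, filter=) in the "what" part are not evaluated.

```python
import re

# From the post: the original ACL, which hands userpassword to everyone via "by * read".
POSTED = '''
defaultaccess read
access to attr=userpassword,sn,maildrop
    by self write
    by dn="cn=Directory Administrators,ou=Group,o=SJNS,c=CN" write
    by * read
'''
# Constructed sample (not from the post): userpassword gets its own, earlier rule.
TIGHTENED = '''
defaultaccess read
access to attr=userpassword
    by self write
    by * compare
access to attr=sn,maildrop
    by self write
    by * read
'''
BY = re.compile(r'\bby\s+((?:"[^"]*"|\S)+)\s+(\w+)')

def parse_acl(conf):
    """Return (defaultaccess or None, [(what, [(who, level), ...]), ...])."""
    lines = [ln for ln in conf.splitlines() if ln.strip() and not ln.startswith("#")]
    # A line starting with whitespace continues the previous directive.
    text = re.sub(r"\n[ \t]+", " ", "\n".join(lines))
    default, rules = None, []
    for line in text.splitlines():
        if m := re.match(r"defaultaccess\s+(\w+)", line):
            default = m.group(1)
        elif m := re.match(r"access\s+to\s+(.*?)\s+by\s", line):
            rules.append((m.group(1), BY.findall(line)))
    return default, rules

def level_for_everyone(conf, attr="userpassword"):
    """Level granted to a client that matches only 'by *' (entry selectors ignored)."""
    default, rules = parse_acl(conf)
    for what, clauses in rules:
        m = re.search(r"attrs?=(\S+)", what)
        if m and attr not in m.group(1).lower().split(","):
            continue  # this directive does not cover the attribute
        # First covering directive decides. With no "by *" clause the outcome is
        # version-dependent, so None is returned instead of a guess.
        return next((lvl for who, lvl in clauses if who == "*"), None)
    return default  # no directive covers attr: defaultaccess applies

def exposes(conf, attr="userpassword"):
    return level_for_everyone(conf, attr) in ("read", "write")
```
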