
access



The scenario:
Big Portal is a hosting company: bigportal.com
Clients: client1.net, client2.org, client3.edu, ..., client10.com

I want only one person to be the LDAP admin for bigportal and all its clients.
Will this ACL in slapd.conf suffice?
(Note: the courier and qmail entries are the required users for my
qmail/courier-imap/ldap mail server.)

(...snip...)
access to attr=userPassword
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self write
         by * auth
access to *
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self read
         by anonymous read
(...snip...)

What about this organizational role entry for bigportal_admin? Can I do this?

(excerpt from my ldif)
#organization entry for bigportal
dn: dc=bigportal,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bigportal
o: bigportal
description: The Big Portal Company

#organizational role entry for bigportal
dn: cn=bigportal_admin,dc=*
objectClass: top
objectClass: organizationalRole
cn: bigportal_admin
description: Big Portal and Clients LDAP Admin

Please advise.

--
roger
