[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL in a subordinate backend

To: openldap-software@OpenLDAP.org
Subject: ACL in a subordinate backend
From: "Peter A. Savitch" <spam4octan@highway.ru>
Date: Wed, 17 Jul 2002 12:47:16 +0300
Organization: RUNET.RU

Hello OpenLDAP people.

I'm trying to ACL a user in a OpenLDAP 2.1 `subordinate' backend.
A user itself resides in superior. Whatever combinations of ACL I use,
slapd stops on auth state (checked with level 128 debug). I use 2.1.3
version of OpenLDAP.

I'm making a multiple subordinate solution with
replicas (my apologies to OpenLDAP team for the ITS#1947; just another
hard monday). And I want to place replicator's account into the
superior backend (root), while permitting write-only access to the
whole backend, but nothing else. Idea is to make a separate replicator
account for each backend (better security, etc).

backend "ou=unit1,o=org,c=ru", owned by "cn=replicator1,o=org,c=ru"
backend "ou=unit2,o=org,c=ru", owned by "cn=replicator2,o=org,c=ru"
...
backend "ou=unitN,o=org,c=ru", owned by "cn=replicatorN,o=org,c=ru"

backend "o=org,c=ru", owned by "cn=manager,o=org,c=ru"
 entry: "cn=manager,o=org,c=ru"
 entry: "cn=replicator1,o=org,c=ru"
 entry: "cn=replicator2,o=org,c=ru"
 ...
 entry: "cn=replicatorN,o=org,c=ru"

Is it ever possible?

I appreciate Your help.
-- 
Best regards,
 Peter                          mailto:spam4octan@highway.ru

Prev by Date: Replication error: Unknown authentication method
Next by Date: odd pam_ldap configuration issues
Index(es):
- Chronological
- Thread