ACL in a subordinate backend
Hello OpenLDAP people.

I'm trying to ACL a user in an OpenLDAP 2.1 `subordinate' backend.
The user itself resides in the superior. Whatever combinations of ACL I use,
slapd stops on auth state (checked with level 128 debug). I use version
2.1.3 of OpenLDAP.

I'm making a multiple subordinate solution with
replicas (my apologies to the OpenLDAP team for the ITS#1947; just another
hard Monday). And I want to place the replicator's account into the
superior backend (root), while permitting write-only access to the
whole backend, but nothing else. The idea is to make a separate replicator
account for each backend (better security, etc).

backend "ou=unit1,o=org,c=ru", owned by "cn=replicator1,o=org,c=ru"
backend "ou=unit2,o=org,c=ru", owned by "cn=replicator2,o=org,c=ru"
...
backend "ou=unitN,o=org,c=ru", owned by "cn=replicatorN,o=org,c=ru"
backend "o=org,c=ru", owned by "cn=manager,o=org,c=ru"
    entry: "cn=manager,o=org,c=ru"
    entry: "cn=replicator1,o=org,c=ru"
    entry: "cn=replicator2,o=org,c=ru"
    ...
    entry: "cn=replicatorN,o=org,c=ru"

Is it ever possible?
I appreciate your help.
--
Best regards,
Peter mailto:spam4octan@highway.ru