
RE: ACL in a subordinate backend



I'm not having any trouble with this kind of ACL setup. Are you still having
problems with this configuration?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Peter A.
> Savitch
> Sent: Wednesday, July 17, 2002 2:47 AM
> To: openldap-software@OpenLDAP.org
> Subject: ACL in a subordinate backend
>
>
> Hello OpenLDAP people.
>
> I'm trying to ACL a user in an OpenLDAP 2.1 `subordinate' backend.
> The user itself resides in the superior. Whatever combinations of ACL I use,
> slapd stops on auth state (checked with level 128 debug). I use version
> 2.1.3 of OpenLDAP.
>
> I'm making a multiple subordinate solution with
> replicas (my apologies to OpenLDAP team for the ITS#1947; just another
> hard Monday). And I want to place the replicator's account into the
> superior backend (root), while permitting write-only access to the
> whole backend, but nothing else. The idea is to make a separate replicator
> account for each backend (better security, etc).
>
> backend "ou=unit1,o=org,c=ru", owned by "cn=replicator1,o=org,c=ru"
> backend "ou=unit2,o=org,c=ru", owned by "cn=replicator2,o=org,c=ru"
> ...
> backend "ou=unitN,o=org,c=ru", owned by "cn=replicatorN,o=org,c=ru"
>
> backend "o=org,c=ru", owned by "cn=manager,o=org,c=ru"
>  entry: "cn=manager,o=org,c=ru"
>  entry: "cn=replicator1,o=org,c=ru"
>  entry: "cn=replicator2,o=org,c=ru"
>  ...
>  entry: "cn=replicatorN,o=org,c=ru"
>
> Is it ever possible?
>
> I appreciate your help.
> --
> Best regards,
>  Peter                          mailto:spam4octan@highway.ru