
ACL question



Hello all,

I have the following context: ou=origin,dc=myorg,dc=org, which contains users whose DNs are expressed in this form: uid=user1,ou=origin,dc=myorg,dc=org; uid=user2,ou=origin,dc=myorg,dc=org; etc.


I also have a "replicator" account with the following DN: cn=replicator,dc=myorg,dc=org (while my rootdn is: cn=admin,dc=myorg,dc=org). The replicator account should be able to manipulate users within ou=origin,dc=myorg,dc=org in any possible way (insert, update, delete, search, etc.).

I have a hard time coming up with a proper ACL to allow the replicator account to manipulate user entries. I tried adding the statement below to slapd.conf without any other ACL rules, but if I try to retrieve all users with ldapsearch (binding as cn=replicator,dc=myorg,dc=org) I get: ldap_bind: Insufficient access (50).

access to dn=".*,ou=origin,dc=myorg,dc=org"
       by dn="cn=replicator,dc=nsdl,dc=org" write

I would appreciate any help.
-- James
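
An added example, not part of the original post: a slapd.conf rule set for the layout described above. It assumes simple binds against a userPassword stored in the cn=replicator entry and an OpenLDAP 2.x slapd that accepts the dn.exact and dn.subtree styles; the rule order and comments are this example's own.

```conf
# slapd evaluates "access to" directives in order and stops at the first
# one whose <what> matches. Every directive ends with an implicit
# "by * none", and once any directive is present the list ends with an
# implicit "access to * by * none". A single write rule for ou=origin
# therefore leaves nothing that lets an unauthenticated client bind.

# 1. Allow the bind itself. A simple bind needs auth access on the
#    replicator's own entry and on the attribute holding its password.
#    This entry sits outside ou=origin, so rule 2 never covers it.
access to dn.exact="cn=replicator,dc=myorg,dc=org"
       by anonymous auth
       by * none

# 2. Replicator rights at and below ou=origin. Write access implies read
#    and search, and because the subtree style includes ou=origin itself,
#    it also covers the "children" pseudo-attribute needed to add and
#    delete uid=... entries directly under it.
#    The who-DN must equal the DN the client binds as. The posted rule
#    names dc=nsdl, while the post describes the account under dc=myorg.
access to dn.subtree="ou=origin,dc=myorg,dc=org"
       by dn.exact="cn=replicator,dc=myorg,dc=org" write
       by * none

# 3. Everything else stays closed. This restates the implicit default so
#    the intent is visible in the file. The rootdn is not subject to ACLs.
access to *
       by * none
```

Under these rules the uid=... users in ou=origin cannot bind themselves; if they need to, add a "by anonymous auth" clause restricted to userPassword ahead of rule 2.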