[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL question

To: openldap-software@OpenLDAP.org
Subject: ACL question
From: James Shvarts <ys2046@columbia.edu>
Date: Tue, 01 Oct 2002 10:21:25 -0400
References: <200210011402.g91E2nji031418@galois.openldap.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530

Hello all,

i have a the following context: ou=origin,dc=myorg,dc=org which contains users whose dn's are expressed in this form: uid=user1,ou=origin,dc=myorg,dc=org; uid=user2,ou=origin,dc=myorg,dc=org etc.

i also have a "replicator" account with the following dn: cn=replicator,dc=myorg,dc=org (while my rootdn is: cn=admin,dc=myorg,dc=org). the replicator account should be able to manipulate users within ou=origin,dc=myorg,dc=org in any possible way (insert,update,delete,search,etc).

i have a hard time coming up with a proper acl to allow relicator account to manipulate user entries. i tried adding the statement below to slapd.conf without any other acl rules. but if i try to retrieve all users with ldapsearch (binding as cn=replicator,dc=myorg,dc=org) i get: ldap_bind: Insufficient access (50).

access to dn=".*,ou=origin,dc=myorg,dc=org"
       by dn="cn=replicator,dc=nsdl,dc=org" write

i would appreciate any help
-- James

Follow-Ups:
- Re: ACL question
  - From: "Ace Suares" <ace@suares.nl>
- Re: ACL question
  - From: John Ziniti <jziniti@speakeasy.org>

Prev by Date: Backend-Shell (scripts defunct)
Next by Date: Re: Perl-Bakend Segmentation fault
Index(es):
- Chronological
- Thread