ACL question
- To: openldap-software@OpenLDAP.org
- Subject: ACL question
- From: James Shvarts <ys2046@columbia.edu>
- Date: Tue, 01 Oct 2002 10:21:25 -0400
- References: <200210011402.g91E2nji031418@galois.openldap.org>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
Hello all,

I have the following context: ou=origin,dc=myorg,dc=org which contains
users whose DNs are expressed in this form:
uid=user1,ou=origin,dc=myorg,dc=org;
uid=user2,ou=origin,dc=myorg,dc=org etc.

I also have a "replicator" account with the following DN:
cn=replicator,dc=myorg,dc=org (while my rootdn is:
cn=admin,dc=myorg,dc=org). The replicator account should be able to
manipulate users within ou=origin,dc=myorg,dc=org in any possible way
(insert, update, delete, search, etc.).

I have a hard time coming up with a proper ACL to allow the replicator
account to manipulate user entries. I tried adding the statement below
to slapd.conf without any other ACL rules, but if I try to retrieve all
users with ldapsearch (binding as cn=replicator,dc=myorg,dc=org) I get:

    ldap_bind: Insufficient access (50).

    access to dn=".*,ou=origin,dc=myorg,dc=org"
        by dn="cn=replicator,dc=nsdl,dc=org" write

I would appreciate any help.
-- James