
Re: ACL question



Rick,
thanks for your suggestion.
actually, i believe that replicator account (if it's not a rootdn of the ldap server), needs to be granted replication access with acl directives. my replica worked well with master when the replicator was an admin in the slave ldap instance and i started getting ldap_bind: Insufficient access (50) when i created a separate replicator account within the slave instance only.


so, i guess there are two options here:
1) make replicator the rootdn of the slave
2) create a separate replicator within the slave and grant it all privileges using acls
which way is recommended?


as for my original question, replicator is just an example. i also have an account that is granted all privileges within ou=origin,dc=myorg,dc=org, while the other account operates on ou=target,dc=myorg,dc=org, etc. so the syntax that i originally asked for will be helpful for several different accounts that i have.

thanks again, everyone
--James


Rick van Rein wrote:

Hi James Shvarts,

Before responding, let me say that I'm uncertain if updates fall under the
normal ACL regime.  I would have used another approach.



i have the following context: ou=origin,dc=myorg,dc=org which contains users [...]



A context being a database/backend right? So it has a line
suffix "ou=origin,dc=myorg,dc=org"


yes