[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control config revisited



> I have read message 199910/msg0007:RE:Access control config (
> http://www.openldap.org/lists/openldap-software/199910/msg00006.html )
> and on the surface it looks like how we need to set up our ldap server.
>  We want to set up a directory structure that allows for an admin person
> from each department to administer their own users. Our primary use will
> be for employee lookup (their email, phone number, etc.) and for user
> authentication.  But the example used a directory tree with traditional
> naming.  Could the same thing be accomplished using the internet naming
> directory tree structure? And if so what would the ACL for the admin
> account look like?  Which structure is better for configuration,
> expandability, administration, searchability, etc.?

You don't say what software version you're going to use;
I hope you'll use a recent version (e.g. 2.1.25 or 2.2.X);
then you better look at more recent emails and docs.

I recommend the Admin Guide and slapd.access(5) man page,
and a recent thread

http://www.openldap.org/lists/openldap-software/200312/msg00331.html

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it