[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control config revisited

To: <rickmesh01@netscape.net>
Subject: Re: Access control config revisited
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 22 Dec 2003 23:48:21 +0100 (CET)
Cc: <OpenLDAP-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <64488CFC.3F1C4C6D.104D4403@netscape.net>
References: <64488CFC.3F1C4C6D.104D4403@netscape.net>

> I have read message 199910/msg0007:RE:Access control config (
> http://www.openldap.org/lists/openldap-software/199910/msg00006.html )
> and on the surface it looks like how we need to set up our ldap server.
>  We want to set up a directory structure that allows for an admin person
> from each department to administer their own users. Our primary use will
> be for employee lookup (their email, phone number, etc.) and for user
> authentication.  But the example used a directory tree with traditional
> naming.  Could the same thing be accomplished using the internet naming
> directory tree structure? And if so what would the ACL for the admin
> account look like?  Which structure is better for configuration,
> expandability, administration, searchability, etc.?

You don't say what software version you're going to use;
I hope you'll use a recent version (e.g. 2.1.25 or 2.2.X);
then you better look at more recent emails and docs.

I recommend the Admin Guide and slapd.access(5) man page,
and a recent thread

http://www.openldap.org/lists/openldap-software/200312/msg00331.html

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Access control config revisited
  - From: rickmesh01@netscape.net

Prev by Date: Access control config revisited
Next by Date: RE: can't contact ldap server (81)
Index(es):
- Chronological
- Thread