You could give access according to a DN,
e.g.
access to *
by dn=Admin,... write
by * auth
Then, the Admin should have full access to anything ;-)
regards!
Rainer
-----Original Message-----
From: Alex Murphy [mailto:murphy@sgtp.samara.ru]
Sent: Thu 1/15/2004 11:11
To: openldap-software@OpenLDAP.org
Cc:
Subject: please help me !!!
Hello!! I'm using OpenLDAP 2.2.4,
OpenLDAP compiled with --enable-aci.
In slapd.conf:
access to *
by * auth continue
by aci=OpenLDAPaci +rwscx
My LDIF---------
# smim, ru
dn: o=smim,dc=ru
o: smim
objectClass: organization
openldapaci: 1.2.3.4#entry#grant;r,w,s,c;[entry];r,s,w,c;[all]#access-id#uid=Administrator,o=smim,dc=ru
# Administrator, smim, ru
dn: uid=Administrator,o=smim,dc=ru
cn: Administrator
uid: Administrator
objectClass: top
objectClass: account
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /
description: Administrator
objectClass: sambaSamAccount
loginShell: /dev/null
sambaSID: S-1-5-21-3155955837-4108667622-3601602090-500
sambaPrimaryGroupSID: S-1-5-21-3155955837-4108667622-3601602090-512
sambaLMPassword: xxxx
sambaNTPassword: xxxx
sambaAcctFlags: [UX ]
userPassword: password
--------------------------------------------------------
sw openldap # ldapsearch -D uid=Administrator,o=smim,dc=ru -w password -b o=smim,dc=ru
version: 2
#
# filter: (objectclass=*)
# requesting: ALL
#
# smim, ru
dn: o=smim,dc=ru
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--------------------------
What other attribute and class? What grants full
access to the o=smim,dc=ru
tree for uid=Administrator,o=smim,dc=ru?
P.S. Sorry, I speak English badly.
Alexey.
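
Added example (not part of either message and not OpenLDAP's own code): a small Python parser for the openldapaci value quoted above, for auditing which privileges such a value names for a bind DN. It assumes the five '#'-separated fields and the action;perms;targets pairs as they appear in that value; treating [all] as covering every attribute but not [entry], and the simplified DN comparison, are assumptions of this sketch.

```python
from dataclasses import dataclass

# Privilege letters as used in "+rwscx" in the slapd.conf quoted above.
PERMS = {"r": "read", "w": "write", "s": "search", "c": "compare", "x": "auth"}
# The openldapaci value from the quoted LDIF, joined onto one line.
PAGE_ACI = ("1.2.3.4#entry#grant;r,w,s,c;[entry];r,s,w,c;[all]"
            "#access-id#uid=Administrator,o=smim,dc=ru")

@dataclass
class Aci:
    oid: str
    scope: str
    action: str
    rights: list        # [(frozenset of privilege names, [targets]), ...]
    subject_type: str
    subject: str

def parse_aci(value):
    """Split oid#scope#rights#type#subject; rights is action;perms;targets[;...]."""
    parts = value.strip().split("#", 4)   # maxsplit keeps any '#' inside the subject
    if len(parts) != 5:
        raise ValueError("expected 5 '#'-separated fields")
    oid, scope, rights, subject_type, subject = parts
    action, *pairs = rights.split(";")
    if action not in ("grant", "deny") or not pairs or len(pairs) % 2:
        raise ValueError("rights must be action;perms;targets[;perms;targets...]")
    parsed = []
    for perms, targets in zip(pairs[0::2], pairs[1::2]):
        letters = [p.strip() for p in perms.split(",")]
        bad = [p for p in letters if p not in PERMS]
        if bad:
            raise ValueError(f"unknown privilege letters: {bad}")
        parsed.append((frozenset(PERMS[p] for p in letters),
                       [t.strip() for t in targets.split(",")]))
    return Aci(oid, scope, action, parsed, subject_type, subject)

def norm_dn(dn):
    # Simplified comparison (assumption): case-insensitive, ignores spaces after commas.
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def privileges_named(aci, bind_dn, target):
    """Privileges the ACI names for bind_dn on target ('[entry]' or an attribute)."""
    if aci.subject_type != "access-id" or norm_dn(aci.subject) != norm_dn(bind_dn):
        return frozenset()
    named = set()
    for perms, targets in aci.rights:
        # Assumption: '[all]' covers every attribute name but not '[entry]'.
        if target in targets or ("[all]" in targets and not target.startswith("[")):
            named |= perms
    return frozenset(named)
```

For the value quoted above, the result for any attribute is read, write, search and compare; x is not among the letters it lists.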