RE: unknown LDAP result code (-30990): using groups to manage ACL's
--On Friday, January 30, 2004 11:28 AM -0800 Chris Paul
<chris.paul@sentinare.net> wrote:
Now, as someone a bit green with OpenLDAP, I'm wondering what would be a
workaround or another way to create some roles in OpenLDAP?
What I'd like to do is be able to put a user in an "admin group". Or
populate another object (organizationalRole?) with admins. I don't want
to have to modify an ACL to add an administrator.
Any recipes anyone cares to share?
We use groups. ;) But I haven't used back-ldap.
We basically have:
dn: cn=supervisor,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfNames
cn: supervisor
member: uid=quanah,cn=Accounts,dc=stanford,dc=edu
# $Id: slapd.acl,v 1.126 2004/01/30 06:20:23 quanah Exp $
# ACL include file for slapd
#
access to dn.base=""
        by * read
access to dn.base="cn=monitor"
        by * read
access to *
        by group.base="cn=Supervisor,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 write
        by group.base="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 read
        by * break
[rest of acl's]
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
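The following Python script is an added illustration of the mechanism Quanah describes; it is not part of the thread and not slapd code. It models slapd's ACL evaluation order for just the slapd.conf subset used in the snippet above (`access to *` and `dn.base=""` targets, `by group.base="..." [sasl_ssf=N] <level>`, `by * <level>`, `by * break`), and runs it against the groupOfNames entry from the reply. It assumes a trailing `access to * by * none` as a stand-in for "[rest of acl's]", uses a crude lower-casing DN normalisation rather than real LDAP matching rules, and the bind DN `uid=chris,...` and target entry `uid=someone,...` are hypothetical. The point it demonstrates is twofold: adding an administrator is an LDIF change to the group's `member` attribute with no ACL edit, and because `sasl_ssf=56` is part of the `<who>` selector, the same group member bound over an unprotected session falls through to `by * break` and ends up with no access rather than write.

```python
"""Model of how slapd walks the group-based ACL from the thread.

Added example, not slapd code: approximates slapd's ACL evaluation order for
the small slapd.conf subset used above. Real slapd has far more (rootdn
bypass, attribute targets, stop/continue, defaultaccess) that is not modelled.
"""
import re

# ACL from the thread; `[rest of acl's]` is replaced by an ASSUMED catch-all
# `access to * by * none` so that `break` has a following directive to reach.
ACL_TEXT = """
access to dn.base=""
    by * read
access to dn.base="cn=monitor"
    by * read
access to *
    by group.base="cn=Supervisor,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 write
    by group.base="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 read
    by * break
access to *
    by * none
"""

# groupOfNames entry from the thread, copied into a constructed LDIF string.
GROUP_LDIF = """\
dn: cn=supervisor,cn=Applications,dc=stanford,dc=edu
objectClass: groupOfNames
cn: supervisor
member: uid=quanah,cn=Accounts,dc=stanford,dc=edu
"""

BY_RE = re.compile(r'by (\*|group\.base="([^"]*)")(?: sasl_ssf=(\d+))? (\w+)')
DN_BASE_RE = re.compile(r'dn\.base="([^"]*)"')


def norm_dn(dn):
    """Crude DN normalisation (assumption, not real LDAP matching rules); cn is
    caseIgnore, which is why the ACL's cn=Supervisor matches cn=supervisor."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_acl(text):
    """Return [(target, [(group_dn_or_None, min_ssf, level), ...]), ...];
    target is None for `access to *`, else the normalised dn.base value."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to "):
            target = line[len("access to "):].strip()
            if target == "*":
                directives.append((None, []))
            elif m := DN_BASE_RE.fullmatch(target):
                directives.append((norm_dn(m.group(1)), []))
            else:
                raise ValueError(f"unsupported target: {target}")
        elif line.startswith("by ") and directives and (m := BY_RE.fullmatch(line)):
            group = norm_dn(m.group(2)) if m.group(2) is not None else None
            directives[-1][1].append((group, int(m.group(3) or 0), m.group(4)))
        else:
            raise ValueError(f"unsupported line: {line}")
    return directives


def parse_groups(ldif):
    """Map normalised group DN -> set of normalised member DNs."""
    groups, current = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            current = norm_dn(line[4:])
            groups[current] = set()
        elif line.startswith("member: ") and current is not None:
            groups[current].add(norm_dn(line[8:]))
    return groups


def add_member(groups, group_dn, member_dn):
    """Effect of an LDIF `changetype: modify` / `add: member` on the group."""
    groups.setdefault(norm_dn(group_dn), set()).add(norm_dn(member_dn))


def evaluate(directives, groups, target_dn, bind_dn, ssf):
    """Access level bind_dn gets on target_dn when bound at SASL SSF `ssf`."""
    target_dn, bind_dn = norm_dn(target_dn), norm_dn(bind_dn)
    for target, clauses in directives:
        if target is not None and target != target_dn:
            continue                   # this access directive does not apply
        for group, min_ssf, level in clauses:   # first matching <who> wins
            if group is not None and bind_dn not in groups.get(group, set()):
                continue
            if ssf < min_ssf:
                continue               # sasl_ssf= is part of <who>: not matched
            if level == "break":
                break                  # ACL break: go on to the next directive
            return level
        else:
            return "none"              # implicit `by * none` closing a directive
    return "none"


if __name__ == "__main__":
    acl, groups = parse_acl(ACL_TEXT), parse_groups(GROUP_LDIF)
    entry = "uid=someone,cn=Accounts,dc=stanford,dc=edu"   # constructed target
    quanah = "uid=quanah,cn=Accounts,dc=stanford,dc=edu"
    chris = "uid=chris,cn=Accounts,dc=stanford,dc=edu"     # hypothetical new admin
    print("quanah @ SSF 56:", evaluate(acl, groups, entry, quanah, 56))  # write
    print("quanah @ SSF 0: ", evaluate(acl, groups, entry, quanah, 0))   # none
    print("chris  @ SSF 56:", evaluate(acl, groups, entry, chris, 56))   # none
    add_member(groups, "cn=Supervisor,cn=Applications,dc=stanford,dc=edu", chris)
    print("chris after add:", evaluate(acl, groups, entry, chris, 56))   # write
```

Run with any Python 3.8 or newer (the walrus operator is the only modern feature); there are no dependencies and nothing talks to a directory server. The ordering matters: in a real deployment the `by group.base=... write` clause must stay ahead of `by * break`, and the `sasl_ssf=56` control is what stops a compromised cleartext session from exercising the group's write access.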