[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SOLVED Re: Can I do this with OpenLDAP acls?

To: openldap-software@OpenLDAP.org
Subject: Re: SOLVED Re: Can I do this with OpenLDAP acls?
From: Ace Suares <ace@suares.nl>
Date: Sat, 17 Apr 2004 14:06:55 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <4081589C.1030005@JustThe.net>
Organization: Ace Suares' Internet Consultancy
References: <407D5316.80408@JustThe.net> <1082025988.6839.11.camel@localhost> <4081589C.1030005@JustThe.net>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> access to attr=userPassword
>          by self write
>          by dnattr="masterAccount" write
>          by * auth

Interesting.

But then again, you'd need to update all accounts if you wanted to add another 
administrator. If you where using sets, or groups, you'd just add an 
attribute in the new administators entry (sets) or add the new administrators 
DN to the group (groups).

But it's a very interesting solution for some cases, especially where you have 
some setup where an account can create a limited number of subaccounts that 
are not directly under that account.

Good stuff!

_Ace

website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAgXI/y7boE8xtIjURAkdRAJ9qG4qIUQaj1M/6g/s0TmFREImikgCfUZ29
6P6Tr5bXQ55rUnFID0fxKII=
=Es/p
-----END PGP SIGNATURE-----

References:
- Can I do this with OpenLDAP acls?
  - From: Steve Sobol <sjsobol@JustThe.net>
- Re: Can I do this with OpenLDAP acls?
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- SOLVED Re: Can I do this with OpenLDAP acls?
  - From: Steve Sobol <sjsobol@JustThe.net>

Prev by Date: slapd.conf include with globbing?
Next by Date: Re: adding access control for replication user
Index(es):
- Chronological
- Thread