ACL and distributed directory
hello,
i'm curious if it's possible to use acl (on server A) like this:
access to dn.subtree="ou=zMRDB,ou=netmservice,o=netmldap"
    by dn.exact="ldaps://extranet2.net-m.de/cn=smsm_xms-route,ou=smsm,ou=ldapaccounts,ou=netm,ou=people,o=netmldap" write
the problem is that i have different servers for distinct leaves of the
directory. server extranet2 handles ou=netm,ou=people,o=netmldap and
has superior knowledge information for o=netmldap pointing to another
server (let's call it server A).
now different applications are accessing the data of server A but i want to
authorize this access via extranet2 where all my userobjects (and
application objects) are stored. maybe i have a wrong way of
approaching the problem and you can help?!
what makes it more difficult is that extranet2 does not allow
anonymous reads, so somehow i have to provide a password when server A
is trying to access the leaf ou=netm,ou=people,o=netmldap or can i
configure an acl like this on extranet2:
access to dn.subtree="ou=smsm,ou=ldapaccounts,ou=netm,ou=people,o=netmldap"
    by peername="<FQDN of server A>" read
thanx for your help!
regards,
carsten
6D1A 14B0 B36D 24A8 0517 9413 29BB 30A0 BE3D 4FAF
--
"The number of UNIX installations has grown to 10, with more
expected." (6/72)