[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl sets don't appear to work

To: openldap-software@OpenLDAP.org
Subject: Re: acl sets don't appear to work
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Sat, 21 Jan 2006 12:34:43 -0800
Cc: Robert Kean <rkean@keanconsulting.com>
Content-disposition: inline
In-reply-to: <43D28FE8.3000104@keanconsulting.com>
References: <43D28FE8.3000104@keanconsulting.com>

--On Saturday, January 21, 2006 2:47 PM -0500 Robert Kean <rkean@keanconsulting.com> wrote:

I'm running OpenLDAP 2.1.30 on a Gentoo linux system. I've been running

this with samba 3.0.14a very successfully for over a year. When I set
this system up, I followed the howto presented by idealx.org, and I've
been pretty happy with the results.

But, recently, I decided that logging in as root and/or cn=Manager to do
maintenance on the DIT was not a very good idea.  I figured, having a
"Domain Admins" group defined in my ldap directory should provide me with
an excellent control for who can/cannot edit the DIT...

regretfully, the memberUID attribute only stores the shortname for users,
so this has complicated setting up acl's for superuser access to the
directory.
I discovered acl sets.  But, I can't seem to get them working.

I believe ACL sets weren't introduced until OpenLDAP 2.2. Of course, OpenLDAP 2.1 and 2.2 are historic releases now, and 2.3.X is the current release branch. You are running a very old version of OpenLDAP. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: acl sets don't appear to work
  - From: Robert Kean <rkean@keanconsulting.com>

References:
- acl sets don't appear to work
  - From: Robert Kean <rkean@keanconsulting.com>

Prev by Date: acl sets don't appear to work
Next by Date: Re: acl sets don't appear to work
Index(es):
- Chronological
- Thread