I'm running OpenLDAP 2.1.30 on a Gentoo Linux system. I've been running
this with Samba 3.0.14a very successfully for over a year. When I set
this system up, I followed the howto presented by idealx.org, and I've
been pretty happy with the results.
But, recently, I decided that logging in as root and/or cn=Manager to do
maintenance on the DIT was not a very good idea. I figured, having a
"Domain Admins" group defined in my LDAP directory should provide me with
an excellent control for who can/cannot edit the DIT...
Regretfully, the memberUID attribute only stores the shortname for users,
so this has complicated setting up ACLs for superuser access to the
directory.
I discovered ACL sets. But, I can't seem to get them working.