[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf search ACLs



Andrew Bartlett wrote:

The fix was to define rootdn globally (as the module operates globally),
and then to give it explicit manage access in an ACL.  eg

I didn't even know that was possible at all.

access to dn.subtree="${DOMAINDN}"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

rootdn cn=Manager

Adding a rootdn to each database then quashed the warnings about 'rootdn
can always manage'.

Shall I file an ITS?

I need to investigate it a little bit more. But filing an ITS could be a starting point, as the issue could get hairy.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------