[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: memberOf search ACLs
Andrew Bartlett wrote:
The fix was to define rootdn globally (as the module operates globally),
and then to give it explicit manage access in an ACL. eg
I didn't even know that was possible at all.
access to dn.subtree="${DOMAINDN}"
by dn=cn=samba-admin,cn=samba manage
by dn=cn=manager manage
by * none
rootdn cn=Manager
Adding a rootdn to each database then quashed the warnings about 'rootdn
can always manage'.
Shall I file an ITS?
I need to investigate it a little bit more. But filing an ITS could be
a starting point, as the issue could get hairy.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------