Re: Dynamic configuration / admin users
On 10/19/12 12:36 +0900, Simon Walter wrote:
> Debian Squeeze is using the dynamic configuration. While I am sure
> there are benefits, all the documentation is for static configuration
> (slapd.conf).
> I've got a basic tree up and running and several services are using
> it no problem. There are several things I'd like to do, like
> replication. For this and some other services, SOGo for example, that
> don't bind anonymously, I'd like to create some more users for this.
> I could be mistaken, but perhaps they need some kind of admin
> privileges. If not, that means that any user can modify anything in
> the tree.

I'm not familiar with SOGo. A typical configuration might include a rootdn
for configuration purposes, and one or more administrative users which are
allowed piecemeal access to add/change your tree, restricted by ACLs.
Those administrative users can be user entries within your tree, or sasl
(authc) identities.

> I see various information about ACI and ACL and access.conf. I can't
> find clear documentation about how any of this relates to dynamic
> configurations.

See the manpage for slapd-config, and the OpenLDAP Administrator's Guide;
Chapter 8 covers Access Control.

> To conclude, how do I add additional users to a dynamically configured
> openldap tree and configure those users with specific access
> permissions?

*Adding* users shouldn't be any different (the tree itself is no different,
only the configuration backend). ACL configuration for you will be a
one-to-one mapping from the slapd.conf config statements, in whatever
documentation you're reading, to the slapd-config dynamic config statements
(compare the slapd.conf and slapd-config manpages).
--
Dan White
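
Added example, not part of the original message: the one-to-one mapping described above, shown as a slapd.conf ACL set (in comments) next to the equivalent slapd-config change. The suffix dc=example,dc=com, the database entry olcDatabase={1}hdb, and the service DNs under ou=services are assumptions made for illustration.

```ldif
# Constructed example. Assumed names: suffix dc=example,dc=com, database
# entry olcDatabase={1}hdb, service accounts under ou=services.
#
# slapd.conf form, as most documentation writes it:
#   access to attrs=userPassword
#       by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
#       by self write
#       by anonymous auth
#       by * none
#   access to dn.subtree="ou=people,dc=example,dc=com"
#       by dn.exact="cn=useradmin,ou=services,dc=example,dc=com" write
#       by users read
#       by * none
#   access to *
#       by users read
#       by * none
#
# slapd-config form: drop the "access" keyword, store each rule as one
# olcAccess value on the database entry, and prefix it with {n} so the
# evaluation order (first matching rule wins) is explicit.
# Continuation lines start with two spaces: the first is the LDIF fold
# marker, the second is the space that separates the "by" clauses.
# "replace" discards every olcAccess value already on this database.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com"
  by dn.exact="cn=useradmin,ou=services,dc=example,dc=com" write
  by users read
  by * none
olcAccess: {2}to *
  by users read
  by * none
```

Assuming a Debian-style install where root connecting over ldapi has manage access to cn=config, this can be applied with `ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif`. The rootdn is not subject to these rules, so service accounts such as a SOGo bind user or a replication user should be ordinary entries limited by ACLs like the ones above.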