
Re: Question on assigning a new user with admin role



Kumar, Amit wrote:
> I have little experience with managing LDAP servers. Previously, with just one file, slapd.conf, it was a lot easier to assign a user the role of an admin, just by giving access to attrs=...by
> 
> With the newer version of openldap-servers-2.4.23-26 on RHEL 6.x this is not the same, and I hope you can help me understand this so I can assign access to a user to be able to manage the directory.
> 
> So I began giving access to attrs=userPassword
>             by self write
>             by dn="NEW USER DN ...." write
>             by * auth
> ...similarly I did this for all attributes I wanted this user to manage.
> 
> I made the above changes in my slapd.conf, but this does not allow the new user to manage the directory, he is just like any other user who can browse but not write to it.
> 
> What more do I need to do?

You should really make yourself more familiar with ACLs - especially giving
rights to groups.

See slapd.access(5):
http://www.openldap.org/software/man.cgi?query=slapd.access&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

See FAQ-O-MATIC:
http://www.openldap.org/faq/data/cache/189.html

Ciao, Michael.
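
An added example, not part of the original message or of the OpenLDAP documentation: a slapd.conf fragment that grants write access through a group, in the syntax described in slapd.access(5). The suffix dc=example,dc=com, the group cn=ldapadmins and the user uid=newadmin are constructed placeholders.

```conf
# Place these directives inside the database section they should govern.
# Constructed group entry that the ACLs below refer to (add it with ldapadd):
#   dn: cn=ldapadmins,ou=groups,dc=example,dc=com
#   objectClass: groupOfNames
#   cn: ldapadmins
#   member: uid=newadmin,ou=people,dc=example,dc=com
#
# group.exact matches against groupOfNames/member by default, so adding or
# removing an administrator means editing the group entry, not this file.

# Evaluation order matters: slapd uses the first "access to" clause that
# matches the target, and within it the first "by" clause that matches the
# requester. More specific targets therefore go first.

# Password hashes: owner and admins may change them, anonymous clients may
# only use them to bind, nobody else can read them.
access to attrs=userPassword
    by self write
    by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
    by anonymous auth
    by * none

# The admin group entry itself: only the rootdn (which bypasses ACLs) can
# change membership; group members can read it. Without this clause the
# catch-all below would let any admin add further admins.
access to dn.base="cn=ldapadmins,ou=groups,dc=example,dc=com"
    by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" read
    by * none

# Everything else under the suffix: admins write, authenticated users read.
# A clause with no matching "by" ends in an implicit "by * none".
access to dn.subtree="dc=example,dc=com"
    by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
    by users read
    by * none
```

These lines only take effect if slapd is actually reading slapd.conf rather than a slapd.d configuration directory; `slaptest -f <path to slapd.conf> -u` checks the file's syntax before a restart.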
