Access to dn.subtree with dnatrr=attrname
- To: openldap-technical@openldap.org
- Subject: Access to dn.subtree with dnatrr=attrname
- From: Tomasz Lesniewski <lessmian@lessmian.pl>
- Date: Thu, 15 Jan 2015 12:00:40 +0100
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
Hi.
I have an LDAP tree which I'm trying to migrate from 389-ds to OpenLDAP,
with a structure like this:
o=company
  ou=admins
    uid=admin1
    ...
  dc=domain
    ou=users
      uid=user1
        service=service1
        ...
      uid=user2
        service=service2
At uid=user1,ou=users,dc=domain,o=company there is an admin entry (and no
admin entry in the children) which points to
uid=admin1,ou=admins,o=company. Now I want to grant access to all
entries below uid=user1,ou=users,dc=domain,o=company to uid=admin1. In
389-ds it was easy, but in OpenLDAP it seems not easy to do. I tried to use:
olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin"
but it grants access only to uid=user1,ou=users,dc=domain,o=company, and
no access is granted for the children. Maybe I'm doing something wrong, or
should I use other functionality to solve this problem? Any help will be
appreciated.
--
Pozdrawiam/Best regards
Tomasz Leśniewski