[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access to dn.subtree with dnatrr=attrname

To: openldap-technical@openldap.org
Subject: Access to dn.subtree with dnatrr=attrname
From: Tomasz Lesniewski <lessmian@lessmian.pl>
Date: Thu, 15 Jan 2015 12:00:40 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

Hi.

I have ldap tree which i'm trying to migrate from 389-ds to openldap,with structure like this:


o=company
  ou=admins
    uid=admin1
    ...
  dc=domain
    ou=users
      uid=user1
        service=service1
        ...
      uid=user2
        service=service2

At uid=user1,ou=users,dc=domain,o=company there is admin entry (and noadmin entry in childrens) which points touid=admin1,ou=admins,o=company. Now i want to grant access to allentries below uid=user1,ou=users,dc=domain,o=company to uid=admin1. In389-ds it was easy, but in openldap it seems not easy to do. I tried to use:olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" bydnattr="admin"but it grant access only uid=user1,ou=users,dc=domain,o=company and forno childrens access is granted. Maybe i'm doing something wrong orshould i use other functionality to solve this problem? Any help will beappreciate.


--
Pozdrawiam/Best regards
Tomasz Leśniewski

Follow-Ups:
- Re: Access to dn.subtree with dnatrr=attrname
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Update openldap version from 2.3.43 to latest
Next by Date: Re: back-sql deployment woes
Index(es):
- Chronological
- Thread