[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access to dn.subtree with dnatrr=attrname



Tomasz Lesniewski wrote:
> I have ldap tree which i'm trying to migrate from 389-ds to openldap, with
> structure like this:
> 
> o=company
>   ou=admins
>     uid=admin1
>     ...
>   dc=domain
>     ou=users
>       uid=user1
>         service=service1
>         ...
>       uid=user2
>         service=service2
> 
> At uid=user1,ou=users,dc=domain,o=company there is admin entry (and no admin
> entry in childrens) which points to uid=admin1,ou=admins,o=company. Now i want
> to grant access to all entries below uid=user1,ou=users,dc=domain,o=company to
> uid=admin1. In 389-ds it was easy, but in openldap it seems not easy to do. I
> tried to use:
> olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin"
> but it grant access only uid=user1,ou=users,dc=domain,o=company and for no
> childrens access is granted. Maybe i'm doing something wrong or should i use
> other functionality to solve this problem? Any help will be appreciate.

Something similar:

http://www.openldap.org/faq/data/cache/1005.html

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature