Hi everydoby, I'm juggling with permissions and slapd.d configuration and I am having problems to allow access to the cn=config backend...
How can I allow access to users different to the backend's rootdn?
I tried inserting lines in file "olcDatabase={0}config.ldif" like:
olcAccess: to * by dn="uid=my_user, dc=my_domain, dc=com" read
or even
olcAccess: to * by * read
With no success...
After that I thought of creating a branch under the cn=config with users (something like "ou=people, cn=config") in order to allow access for them, but I get constraint problems...
Any suggestions?
José Marco wrote:
Hi everydoby, I'm juggling with permissions and slapd.d configuration and I am having problems to allow access to the cn=config backend...
How can I allow access to users different to the backend's rootdn?
In OpenLDAP 2.3 only the rootdn can access cn=config.
In OpenLDAP 2.4 you can set ACLs on cn=config just like any other database.
Thanks a lot, Howard, you saved me from a couple of unsuccessful hours of testing,hehe!
Howard Chu escribió:
José Marco wrote:
Hi everydoby, I'm juggling with permissions and slapd.d configuration and I am having problems to allow access to the cn=config backend...
How can I allow access to users different to the backend's rootdn?
In OpenLDAP 2.3 only the rootdn can access cn=config.
In OpenLDAP 2.4 you can set ACLs on cn=config just like any other database.
openldap-software@openldap.org
-
Howard Chu -
José Marco