Hi,
I have been trying to understand OpenLDAP configuration for a while. It is a challenge for me. Even people on this list, who know OpenLDAP [unlike yours truly], are at times contradicting one another. As we see from this thread, there are others confused about access configuration, too. If not for your and others' help, I would not even understand as much.
Seems to me that not many know how to write ACLs for OpenLDAP. This is obviously moot. I just need to figure out what can be done, this time. I am not an administrator. If I can get my program, utilizing OpenLDAP as a backend, to work, I will be happy enough. :)
Of course, unless someone suggests something that works, I have no choice but to analyze every example out there, at least for a bit longer. I figure that if nothing comes through by Sunday, I should consider throwing the backend away and switching to a different architecture. Obviously OpenLDAP works well, but if I am not smart enough to get it to work as needed, it is not much good to me.
Sincerely,
Igor Shmukler
On Friday, March 20, 2015, Michael Ströder michael@stroeder.com wrote:
Igor Shmukler wrote:
If there is no way to grant access to all records across all databases to cn=config [because it is not a user], I would go for having a [different] user who can delete records in multiple DITs[, by invoking LDAPI or whatever].
You should really analyze this example configuration:
https://build.opensuse.org/package/view_file/home:stroeder:branches:network:...
Ciao, Michael.