Igor,
Igor Shmukler schrieb (20.03.2015 12:22 Uhr):
I do have entries for each database. If my suffix is, for example dc=test,dc=org, administrator would be cn=admin,dc=test,dc=org Administrators have manage access to their databases. This part is working fine. I add and remove records as needed. You also wrote one per database - this is exactly what I have. Unfortunately, despite all the help, I don't see how this is relevant.
I thought, this is what you want!?
The advice to read documentation is great. In fact, i never hurt.
I am happy to offer a bounty to person who can configure this. I need to keep my setup with one config databases with multiple DITs.
This is the basic standard. You only have one config database. And one or more data databases.
I need each DIT database to work as today
whatever this is ...
- be managed by an authenticated local/suffix root user.
one user per database was what I talked about. one admin/manange/root user for all databases is even simpler: just use the same user in all your databases.
What you cannot do (IMHO), is mapping _one_ system user to _many_ ldap users. But I don't think this is necessary.
I need a way to alter records in any/every DIT database using another root - one that would work on ALL DITs.
Use ACL!
If someone could do this before Sunday morning, please contact me to discuss compensation. If I don't get to a result by Sunday morning, I have to start changing the architecture so I can show something on Monday. :)
Good luck with that!
Marc