Hi Marc,
Thank you for reading my thread and trying to help.
I do have entries for each database. If my suffix is, for example, dc=test,dc=org, the administrator would be cn=admin,dc=test,dc=org. Administrators have manage access to their databases. This part is working fine. I add and remove records as needed. You also wrote one per database - this is exactly what I have. Unfortunately, despite all the help, I don't see how this is relevant.
I thought, this is what you want!?
I want it, and it is working fine. This is however not ALL that I want.
This is the basic standard. You only have one config database. And one or more data databases.
You are obviously correct. Even I know this, by now.
I need each DIT database to work as today
whatever this is ...
- be managed by an authenticated local/suffix root user.
One user per database was what I talked about. One admin/manage/root user for all databases is even simpler: just use the same user in all your databases.
What you cannot do (IMHO), is mapping _one_ system user to _many_ ldap users. But I don't think this is necessary.
Right, I also think that we cannot map one user to many because mapping is done at config level, and there is one config per server. This was my point.
I need a way to alter records in any/every DIT database using another root - one that would work on ALL DITs.
Use ACL!
Makes sense. I just don't know how to get ACLs to work, nor does anyone else.
If someone could do this before Sunday morning, please contact me to discuss compensation. If I don't get to a result by Sunday morning, I have to start changing the architecture so I can show something on Monday. :)
Good luck with that!
Thank you. I need it. Otherwise, I will have to do a huge rewrite on Sunday. I would rather not have to do the marathon thing.
Sincerely,
Igor Shmukler