dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by anonymous auth
  by * none
olcAccess: to *
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by * read
and applied on another OpenLDAP
ldapmodify -Y EXTERNAL -H ldapi:/// -f acladm.ldif
However, a member of the ldap_admins group does not have full access.
If you don't mind, can you help?
1) Is the ACL correct?
2) Is it possible to make an ACL for a POSIX group in a different way?
--On Tuesday, August 11, 2020 1:55 PM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:
> by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write
You're missing an end quote.
group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" <-----
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
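
A pre-flight check for the mistake pointed out in the reply above, as an added example that is not part of the original thread: it unfolds the LDIF continuation lines and reports any olcAccess clause with an unterminated double quote. The function names and the sample LDIF (built from the lines quoted in the thread) are constructed for illustration.

```python
import re

# Constructed sample: first value has the missing end quote from the thread,
# second value is the corrected form.
SAMPLE = '''dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write
  by anonymous auth
  by * none
olcAccess: to *
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" write
  by * read
'''

def unfold(ldif_text):
    """Join folded LDIF lines (RFC 2849): a line that starts with one
    space continues the previous line, with that one space removed."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def access_values(ldif_text):
    """Return plain-text olcAccess values; base64 ('olcAccess::') is skipped."""
    pat = re.compile(r"^olcAccess:(?!:)\s*(.*)$", re.IGNORECASE)
    return [m.group(1) for m in map(pat.match, unfold(ldif_text)) if m]

def lint(ldif_text):
    """Return (value_index, clause) for every 'to'/'by' clause holding an
    odd number of double quotes. Heuristic: clauses are split on
    whitespace followed by 'by', so a quoted string that itself contains
    ' by ' would be reported as well."""
    findings = []
    for idx, value in enumerate(access_values(ldif_text)):
        for clause in re.split(r"\s+(?=by\s)", value):
            # Ignore backslash-escaped quotes inside a quoted DN.
            if clause.replace('\\"', "").count('"') % 2:
                findings.append((idx, clause))
    return findings

if __name__ == "__main__":
    for idx, clause in lint(SAMPLE):
        print(f"olcAccess value #{idx}: unterminated quote in: {clause}")
```

Running it against acladm.ldif before ldapmodify pinpoints the offending "by" clause.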