Faraz R. Khan wrote:
> So basically I can do:
> to * by cn=admin,dc=company,dc=com add by cn=faraz,dc=company,dc=com zap
> That is indeed not documented anywhere. Will start an ITS.
Not exactly like that, but sort of:
access to * by "cn=admin,dc=company,dc=com" "=a" by "cn=faraz,dc=company,dc=com" "=z"
If those identities need further privileges (e.g. search or so) they must be explicitly listed, namely
access to * by "cn=admin,dc=company,dc=com" "=dxcsra" by "cn=faraz,dc=company,dc=com" "=dxcsrz"
See slapd.access(5) for details about the syntax and the meaning of each symbol.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: ando@sys-net.it
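
The reply above notes that "=a" or "=z" grants only that one privilege, so search, read and the rest have to be listed explicitly. The following is an added example, not part of the original message and not OpenLDAP code: a small Python model of the privilege grammar in slapd.access(5) that shows what each privilege string in the thread actually grants. The function names apply_priv and missing are hypothetical.

```python
# Added example: models the <priv> grammar from slapd.access(5); not OpenLDAP code.
PRIVS = {"d": "disclose", "x": "auth", "c": "compare", "s": "search",
         "r": "read", "a": "add", "z": "delete", "m": "manage"}

def apply_priv(spec, current=frozenset()):
    """Return the privilege set after applying one <priv> string.

    '=' resets to exactly the listed privileges, '+' adds, '-' removes.
    'w' is shorthand for 'az'; '0' means no privileges and must stand alone.
    """
    if len(spec) < 2 or spec[0] not in "=+-":
        raise ValueError(f"not a privilege string: {spec!r}")
    op, letters = spec[0], spec[1:]
    listed = set()
    if "0" in letters:
        if letters != "0":
            raise ValueError("'0' must be used by itself")
    else:
        for ch in letters:
            if ch == "w":
                listed |= {"add", "delete"}
            elif ch in PRIVS:
                listed.add(PRIVS[ch])
            else:
                raise ValueError(f"unknown privilege letter {ch!r} in {spec!r}")
    if op == "=":
        return frozenset(listed)
    if op == "+":
        return frozenset(current | listed)
    return frozenset(current - listed)

def missing(spec, needed):
    """Privileges in `needed` that the '=' clause `spec` does not grant."""
    return sorted(set(needed) - apply_priv(spec))

if __name__ == "__main__":
    # The privilege strings used in the thread, plus the 'w' shorthand.
    for spec in ("=a", "=z", "=dxcsra", "=dxcsrz", "=dxcsrw"):
        print(f"{spec:9} -> {sorted(apply_priv(spec))}")
    # What an identity limited to "=a" still lacks for search, read and add.
    print(missing("=a", ["search", "read", "add"]))
```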