Okay! I will take a look at that. Thank you! Amit
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Wednesday, June 26, 2013 2:55 AM To: Kumar, Amit; openldap-technical@openldap.org Subject: Re: Question on assigning a new user with admin role
Kumar, Amit wrote:
I have little experience with managing LDAP servers. Previously with just one file slapd.conf it was lot easier to assign a user a role of an admin, just by giving access to attrs=...by
With newer version of openldap-servers-2.4.23-26 on RHEL 6.x this is not the same, and hope you can help me understand this to assign access to user to be able to manage the directory.
So I began giving access to attrs=userPassword by self write by dn="NEW USER DN ...." write by * auth ...similarly I did this for all attributes I wanted this user to manage.
I made the above changes in my slapd.conf, but this does not allow the new user to manage the directory, he is just like any other user who can browse but not write to it.
What more do I need to do?
You should really make yourself more familiar with ACLs - especially giving rights to groups.
See slapd.access(5): http://www.openldap.org/software/man.cgi?query=slapd.access&apropos=0&am...
See FAQ-O-MATIC: http://www.openldap.org/faq/data/cache/189.html
Ciao, Michael.