Hi, How can I define an admin group for my directory? Currently I have one admin account, the one that was created during installation, cn=Manager, dc=my-domain, dc=com. I would like to create a group for example cn=ldap-admins,dc=my-domain,dc=com and then make users members of this group to grant them privilege to do admin work on the directory similar to cn=Manager.
I suppose I have to add access rules. But where and how I don't know. Thanks, Onno
On 01/05/13 12:27 +0100, Onno van der Straaten wrote:
> How can I define an admin group for my directory? Currently I have one admin account, the one that was created during installation, cn=Manager, dc=my-domain, dc=com. I would like to create a group for example cn=ldap-admins,dc=my-domain,dc=com and then make users members of this group to grant them privilege to do admin work on the directory similar to cn=Manager.
The admin account you reference is the rootdn, which has no ACL restrictions.
> I suppose I have to add access rules. But where and how I don't know.
Right. You'd create a group, and then configure your ACLs appropriately. See section 8.4.4 of the OpenLDAP Administrator's Guide for an example, and the slapd.access and slapacl manpages.
openldap-technical@openldap.org
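
As an added illustration of the group-plus-ACL approach described in the reply (not part of the original thread and not copied from the Administrator's Guide), the fragment below assumes slapd.conf-style configuration, a groupOfNames group, and a constructed member DN uid=onno,ou=people,dc=my-domain,dc=com:

```conf
# Group entry, loaded once with ldapadd while bound as the rootdn.
# Shown as comments because it is LDIF, not slapd.conf syntax.
# groupOfNames requires at least one member; the member DN is a constructed example.
#
#   dn: cn=ldap-admins,dc=my-domain,dc=com
#   objectClass: groupOfNames
#   cn: ldap-admins
#   member: uid=onno,ou=people,dc=my-domain,dc=com

# ACLs, placed in the database section of slapd.conf.
# Rules are evaluated in order and the first matching "access to" clause
# decides, so the narrower password rule must come before the catch-all.
access to attrs=userPassword
    by group.exact="cn=ldap-admins,dc=my-domain,dc=com" write
    by self write
    by anonymous auth
    by * none

# group.exact with no further qualifiers checks the "member" attribute of a
# groupOfNames entry. Members get write access to the whole tree; unlike the
# rootdn they remain subject to ACLs, so any rule placed above this one can
# still restrict them.
# "by * read" is an assumed policy for everyone else; use "by users read"
# if anonymous reads are not wanted.
access to *
    by group.exact="cn=ldap-admins,dc=my-domain,dc=com" write
    by * read

# Verify the result offline with slapacl before relying on it, for example:
#   slapacl -f <path to slapd.conf> \
#           -D "uid=onno,ou=people,dc=my-domain,dc=com" \
#           -b "dc=my-domain,dc=com" "userPassword/write"
# Repeat with a DN that is not in the group to confirm it is denied.
```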