Hi.
I have ldap tree which i'm trying to migrate from 389-ds to openldap, with structure like this:
o=company ou=admins uid=admin1 ... dc=domain ou=users uid=user1 service=service1 ... uid=user2 service=service2
At uid=user1,ou=users,dc=domain,o=company there is admin entry (and no admin entry in childrens) which points to uid=admin1,ou=admins,o=company. Now i want to grant access to all entries below uid=user1,ou=users,dc=domain,o=company to uid=admin1. In 389-ds it was easy, but in openldap it seems not easy to do. I tried to use: olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin" but it grant access only uid=user1,ou=users,dc=domain,o=company and for no childrens access is granted. Maybe i'm doing something wrong or should i use other functionality to solve this problem? Any help will be appreciate.
Tomasz Lesniewski wrote:
I have ldap tree which i'm trying to migrate from 389-ds to openldap, with structure like this:
o=company ou=admins uid=admin1 ... dc=domain ou=users uid=user1 service=service1 ... uid=user2 service=service2
At uid=user1,ou=users,dc=domain,o=company there is admin entry (and no admin entry in childrens) which points to uid=admin1,ou=admins,o=company. Now i want to grant access to all entries below uid=user1,ou=users,dc=domain,o=company to uid=admin1. In 389-ds it was easy, but in openldap it seems not easy to do. I tried to use: olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin" but it grant access only uid=user1,ou=users,dc=domain,o=company and for no childrens access is granted. Maybe i'm doing something wrong or should i use other functionality to solve this problem? Any help will be appreciate.
Something similar:
http://www.openldap.org/faq/data/cache/1005.html
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Tomasz Lesniewski