Tomasz Lesniewski wrote:
I have an LDAP tree which I'm trying to migrate from 389-ds to OpenLDAP, with a
structure like this:
o=company
  ou=admins
    uid=admin1
    ...
  dc=domain
    ou=users
      uid=user1
        service=service1
        ...
      uid=user2
        service=service2
At uid=user1,ou=users,dc=domain,o=company there is an admin entry (and no admin
entry in the children) which points to uid=admin1,ou=admins,o=company. Now I want
to grant access to all entries below uid=user1,ou=users,dc=domain,o=company to
uid=admin1. In 389-ds it was easy, but in OpenLDAP it seems not easy to do. I
tried to use:
olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin"
but it grants access only to uid=user1,ou=users,dc=domain,o=company, and access
is not granted for any of the children. Maybe I'm doing something wrong, or should
I use other functionality to solve this problem? Any help will be appreciated.
Something similar:
http://www.openldap.org/faq/data/cache/1005.html
Ciao, Michael.