Greetings,
First off, I'm sorry if this is the wrong place to ask this. Please direct me to the appropriate list.
Here goes with the n00b questions:
Debian Squeeze is using the dynamic configuration. While I am sure there are benefits, all the documentation is for static configuration (slapd.conf).
I've got a basic tree up and running and several services are using it no problem. There are several things I'd like to do, like replication. For this and some other services, SOGo for example, that don't bind anonymously, I'd like to create some more users for this. I could be mistaken, but perhaps they need some kind of admin privileges. If not, that means that any user can modify anything in the tree.
I see various information about ACI and ACL and access.conf. I can't find clear documentation about how any of this relates to dynamic configurations.
To conclude, how do I add additional users to a dynamically configured OpenLDAP tree and configure those users with specific access permissions?
Thank you,
Simon
On 10/19/12 12:36 +0900, Simon Walter wrote:
> Debian Squeeze is using the dynamic configuration. While I am sure there are benefits, all the documentation is for static configuration (slapd.conf).
> I've got a basic tree up and running and several services are using it no problem. There are several things I'd like to do, like replication. For this and some other services, SOGo for example, that don't bind anonymously, I'd like to create some more users for this. I could be mistaken, but perhaps they need some kind of admin privileges. If not, that means that any user can modify anything in the tree.
I'm not familiar with SOGo. A typical configuration might include a rootdn for configuration purposes, and one or more administrative users which are allowed piecemeal access to add/change your tree, restricted by ACLs.
Those administrative users can be user entries within your tree, or SASL (authc) identities.
> I see various information about ACI and ACL and access.conf. I can't find clear documentation about how any of this relates to dynamic configurations.
See the manpage for slapd-config, and the OpenLDAP Administrator's Guide; Chapter 8 covers Access Control.
> To conclude, how do I add additional users to a dynamically configured OpenLDAP tree and configure those users with specific access permissions?
*Adding* users shouldn't be any different (the tree itself is no different, only the configuration backend). ACL configuration for you will be a one-to-one mapping from the slapd.conf config statements, in whatever documentation you're reading, to the slapd-config dynamic config statements (compare the slapd.conf and slapd-config manpages).
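The one-to-one mapping described above, as an added example that is not part of the original thread or of OpenLDAP itself: a short Python script that turns slapd.conf `access to` directives into an `olcAccess` LDIF change for the cn=config backend. The service-account DNs, the sample rules and the database DN `olcDatabase={1}hdb,cn=config` are assumptions; check the DN of your own database entry before applying anything.

```python
import re

# Constructed sample: slapd.conf-style ACLs. All DNs are placeholders.
SAMPLE_SLAPD_CONF = '''\
# passwords: owner may change, replication account may read
access to attrs=userPassword
    by self write
    by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
    by anonymous auth
    by * none
loglevel none
access to *
    by dn.exact="cn=sogo,ou=services,dc=example,dc=com" read
    by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
    by self read
    by * none
'''

def parse_access(conf_text):
    """Return the 'access to ...' directives in file order, one string each.
    slapd.conf continues a directive on lines that begin with whitespace."""
    rules, current = [], None
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0].isspace():             # continuation of the open directive
            if current is not None:
                current.append(line.strip())
            continue
        if current is not None:           # a new directive closes the last one
            rules.append(" ".join(current))
        match = re.match(r"access\s+(to\s.*)", line)
        current = [match.group(1).strip()] if match else None
    if current is not None:
        rules.append(" ".join(current))
    return rules

def to_olc_access_ldif(conf_text, database_dn="olcDatabase={1}hdb,cn=config"):
    """Build an LDIF for ldapmodify. database_dn is an assumption (see lead-in).
    'replace' overwrites every existing olcAccess value on that database."""
    rules = parse_access(conf_text)
    if not rules:
        raise ValueError("no access directives found")
    lines = [f"dn: {database_dn}", "changetype: modify", "replace: olcAccess"]
    # The {n} prefix pins evaluation order; slapd stops at the first matching rule.
    lines += [f"olcAccess: {{{i}}}{rule}" for i, rule in enumerate(rules)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_olc_access_ldif(SAMPLE_SLAPD_CONF), end="")
```

Because the first matching `to` clause wins, the `userPassword` rule has to keep its place ahead of the catch-all `to *` rule, which is why the script preserves file order in the `{n}` indexes.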
On 10/19/2012 05:36 AM, Simon Walter wrote:
> To conclude, how do I add additional users to a dynamically configured OpenLDAP tree and configure those users with specific access permissions?
Have you checked the Admin Guide on openldap.org? It has quite a lot of info about ACL and the dynamic backend.
Regards, Patrick
On 10/19/2012 11:39 PM, Patrick Lists wrote:
> On 10/19/2012 05:36 AM, Simon Walter wrote:
>> To conclude, how do I add additional users to a dynamically configured OpenLDAP tree and configure those users with specific access permissions?
> Have you checked the Admin Guide on openldap.org? It has quite a lot of info about ACL and the dynamic backend.
Thanks Patrick and Dan, I missed the slapd-config man page. Digging in now...
Simon
openldap-technical@openldap.org