8:36 p.m.
Greetings,
First off, I'm sorry if this is the wrong place to ask this. Please
direct me to the appropriate list.
Here goes with the n00b questions:
Debian Squeeze is using the dynamic configuration. While I am sure there
are benefits, all the documentation is for static configuration
(slapd.conf).
I've got a basic tree up and running and several services are using it
no problem. There are several things I'd like to do, like replication.
For this and some other services, SOGo for example, that don't bind
anonymously, I'd like to create some more users for this. I could be
mistaken, but perhaps they need some kind of admin privileges. If not,
that means that any user can modify anything in the tree.
I see various information about ACI and ACL and access.conf. I can't
find clear documentation about how any of this relates to dynamic
configurations.
To conclude, how do I add additional users to a dynamic configured
openldap tree and configure those users with specific access permissions?
Thank you,
Simon
7:38 a.m.
On 10/19/12 12:36 +0900, Simon Walter wrote:
Debian Squeeze is using the dynamic configuration. While I am sure
there are benefits, all the documentation is for static configuration
(slapd.conf).
I've got a basic tree up and running and several services are using
it no problem. There are several things I'd like to do, like
replication. For this and some other services, SOGo for example, that
don't bind anonymously, I'd like to create some more users for this.
I could be mistaken, but perhaps they need some kind of admin
privileges. If not, that means that any user can modify anything in
the tree.
I'm not familiar with SOGo. A typical configuration might include a rootdn
for configuration purposes, and one or more administrative users which are
allowed piecemeal access to add/change your tree, restricted by ACLs.
Those administrative users can be user entries within your tree, or sasl
(authc) identities.
I see various information about ACI and ACL and access.conf. I
can't
find clear documentation about how any of this relates to dynamic
configurations.
See the manpage for slapd-config, and the OpenLDAP Administrator's Guide;
Chapter 8 covers Access Control.
To conclude, how do I add additional users to a dynamic configured
openldap tree and configure those users with specific access
permissions?
*Adding* users shouldn't be any different (the tree itself is no different,
only the configuration backend). ACL configuration for you will be a
one-to-one mapping from the slapd.conf config statements, in whatever
documentation you're reading, to the slapd-config dynamic config statements
(compare the slapd.conf and slapd-config manpages).
--
Dan White
7:39 a.m.
On 10/19/2012 05:36 AM, Simon Walter wrote:
To conclude, how do I add additional users to a dynamic configured
openldap tree and configure those users with specific access permissions?
Have you checked the Admin Guide on openldap.org? It has quite a lot of
info about ACL and the dynamic backend.
Regards,
Patrick
10:03 p.m.
On 10/19/2012 11:39 PM, Patrick Lists wrote:
On 10/19/2012 05:36 AM, Simon Walter wrote:
> To conclude, how do I add additional users to a dynamic configured
> openldap tree and configure those users with specific access
> permissions?
Have you checked the Admin Guide on openldap.org? It has quite a lot
of info about ACL and the dynamic backend.
Thanks Patrick and Dan, I missed the slapd-config man page. Digging in
now...
Simon
3992
days inactive
3993
days old
openldap-technical@openldap.org
3 comments
3 participants
participants (3)
-
Dan White -
Patrick Lists -
Simon Walter