access
the scenario:
Big Portal is a hosting company: bigportal.com
clients: client1.net, client2.org, client3.edu, ..., client10.com
I want only one person to be the LDAP admin for bigportal and all its clients.
will this acl in slapd.conf suffice:
(note: the courier and qmail entries are the required users for my
qmail/courier-imap/ldap mail server)
(...snip...)
access to attr=userPassword
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self write
         by * auth
access to *
         by dn="cn=bigportal_admin,dc=*" write
         by dn="cn=courier,dc=*" read
         by dn="cn=qmail,dc=*" read
         by self read
         by anonymous read
(...snip...)
what about this organizational role entry for bigportal_admin? can I do this?
(excerpt from my ldif)
#organization entry for bigportal
dn: dc=bigportal,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bigportal
o: bigportal
description: The Big Portal Company

#organizational role entry for bigportal
dn: cn=bigportal_admin,dc=*
objectClass: top
objectClass: organizationalRole
cn: bigportal_admin
description: Big Portal and Clients LDAP Admin
please advise.
--
roger