--On Saturday, January 21, 2006 2:47 PM -0500 Robert Kean <[EMAIL PROTECTED]> wrote:
> I'm running OpenLDAP 2.1.30 on a Gentoo Linux system. I've been running this with Samba 3.0.14a very successfully for over a year. When I set this system up, I followed the howto presented by idealx.org, and I've been pretty happy with the results. But, recently, I decided that logging in as root and/or cn=Manager to do maintenance on the DIT was not a very good idea. I figured, having a "Domain Admins" group defined in my LDAP directory should provide me with an excellent control for who can/cannot edit the DIT... regretfully, the memberUID attribute only stores the shortname for users, so this has complicated setting up ACLs for superuser access to the directory. I discovered ACL sets. But, I can't seem to get them working.

I believe ACL sets weren't introduced until OpenLDAP 2.2. Of course, OpenLDAP 2.1 and 2.2 are historic releases now, and 2.3.X is the current release branch. You are running a very old version of OpenLDAP. ;)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
