On Thu, 2007-05-10 at 00:29 +0930, Shane wrote:
> Hopefully someone will correct me if I'm wrong but as far as I'm aware
> you cannot log in as an ou object.
>
> I'd have set up an admin user for dn: ou=Support,o=Real Softservice, e.g.:
>
> cn=admin,ou=Support,o=Real Softservice
>
> then create an ACL like
>
> access to dn.base="ou=Support,o=Real Softservice"
>     by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
>     by * read

Such an ACL is just fine and understandable to me, but in my case I have 3000 ou in my LDAP repository belonging to more than 1500 'o' entries, and each ou has many persons in it. Each 'o' and 'ou' needs to log in; if I use your syntax I will need to add 4500 ACL rules to my slapd.conf and buy a super powerful computer for that...
