Okay! I will take a look at that. Thank you!

Amit

-----Original Message-----
From: Michael Ströder [mailto:[email protected]]
Sent: Wednesday, June 26, 2013 2:55 AM
To: Kumar, Amit; [email protected]
Subject: Re: Question on assigning a new user with admin role

Kumar, Amit wrote:
> I have little experience with managing LDAP servers. Previously with just one
> file slapd.conf it was a lot easier to assign a user a role of an admin, just
> by giving access to attrs=...by
>
> With newer version of openldap-servers-2.4.23-26 on RHEL 6.x this is not the
> same, and hope you can help me understand this to assign access to user to be
> able to manage the directory.
>
> So I began giving access to attrs=userPassword
> by self write
> by dn="NEW USER DN ...." write
> by * auth
> ...similarly I did this for all attributes I wanted this user to manage.
>
> I made the above changes in my slapd.conf, but this does not allow the new
> user to manage the directory, he is just like any other user who can browse
> but not write to it.
>
> What more do I need to do?

You should really make yourself more familiar with ACLs - especially giving
rights to groups.

See slapd.access(5):
http://www.openldap.org/software/man.cgi?query=slapd.access&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

See FAQ-O-MATIC:
http://www.openldap.org/faq/data/cache/189.html

Ciao, Michael.
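
The group-based approach recommended in the reply, shown as an added slapd.conf example that is not part of the original thread. The suffix dc=example,dc=com and the group cn=ldapadmins,ou=groups,dc=example,dc=com (a groupOfNames entry) are assumed placeholders.

```conf
# Added example (not from the thread). Placeholder names, all assumed:
#   suffix  dc=example,dc=com
#   group   cn=ldapadmins,ou=groups,dc=example,dc=com
#           (objectClass groupOfNames; each admin is listed as a "member" DN)
#
# slapd applies the first "access to" clause that matches the target, then the
# first matching "by" within it; every clause ends with an implicit "by * none".
# The narrower userPassword rule must therefore come before the catch-all rule.

# Passwords: the owner and the admin group may change them, anonymous clients
# may only authenticate (bind) against them, nobody else can read the hashes.
access to attrs=userPassword
    by self write
    by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
    by anonymous auth
    by * none

# Everything else: the admin group manages the directory,
# authenticated users may browse, anonymous clients get nothing.
access to *
    by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
    by users read
    by * none
```

Adding or removing an administrator is then a change to the group entry's member values rather than an edit to the ACLs.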
