Igor,
Igor Shmukler schrieb (20.03.2015 11:59 Uhr):
- or make your first steps with ACLs and another user entry.
What do I do here?
read about ACL in the man pages and the admin guide!?
Do you need multiple mappings?
I understand that config database would allow me to have unto fifty
mapping. I just don't understand those could work for my need.
As you are one user on your system, this maps to one user in ldap with
olcAuthzRegexp.
As Micheal already posted:
authz-regexp
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=root,dc=example,dc=com"
uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com.
I don't understand how this COULD work. Please explain why admin in
DIT 1 would have manage right to DIT 2.
He don't have to! But he can.
Go back to:
- Configure a rootdn with rootpw for each database. Use this to
authenticate to slapd und modify things.
This works? Fine, go on.
- Create a user entry inside your DIT
_for every database admin you want_.
Use _these entries_ as rootdn (one per database!).
This works? Fine, go on.
- Delete the rootdn from config and make the user entry admin by an ACL.
Marc
