Hi Marc,

Thank you for reading my thread and trying to help.

>> I do have entries for each database. If my suffix is, for example
>> dc=test,dc=org, administrator would be cn=admin,dc=test,dc=org
>> Administrators have manage access to their databases. This part is
>> working fine. I add and remove records as needed. You also wrote one
>> per database - this is exactly what I have.
>> Unfortunately, despite all the help, I don't see how this is relevant.
>
> I thought, this is what you want!?

I want it, and it is working fine. This is however not ALL that I want.

> This is the basic standard.
> You only have one config database.
> And one or more data databases.

You are obviously correct. Even I know this, by now.

>> I need each DIT database to work as today
>
> whatever this is ...
>
>> - be managed by an authenticated local/suffix root user.
>
> one user per database was what I talked about.
> one admin/manage/root user for all databases is even simpler: just use the
> same user in all your databases.
>
> What you cannot do (IMHO), is mapping _one_ system user to _many_ ldap
> users. But I don't think this is necessary.

Right, I also think that we cannot map one user to many because mapping is done at config level, and there is one config per server. This was my point.

>> I need a way to alter records in any/every DIT
>> database using another root - one that would work on ALL DITs.
>
> Use ACL!

Makes sense. I just don't know how to get ACLs to work, nor does anyone else.

>> If someone could do this before Sunday morning, please contact me to
>> discuss compensation. If I don't get to a result by Sunday morning, I
>> have to start changing the architecture so I can show something on
>> Monday. :)
>
> Good luck with that!

Thank you. I need it. Otherwise, I will have to do a huge rewrite on Sunday. I would rather not have to do the marathon thing.

Sincerely,
Igor Shmukler
