Taking the following structure as a reference:

o=ditta,c=it
|
°----°Rubrica
|    |
|    °----cn=admin
|    |
|    °----Amministrazione
|    |    |
|    |    °----cn=admin
|    |
|    °----Vendite
|    |    |
|    |    °----cn=admin
|    |
|    °----Magazino
|         |
|         °----cn=admin
|
°----Altro

and the ACLs placed in slapd.conf, shown below:

access to dn.subtree="ou=Amministrazione,ou=Rubrica,o=ditta,c=it"
        by dn="cn=admin,ou=Amministrazione,ou=Rubrica,o=ditta,c=it" write
        by dn.subtree="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=elenchinlinea,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=anonymous,o=ditta,c=it" read
        by self write
        by anonymous auth

access to dn.subtree="ou=Vendite,ou=Rubrica,o=ditta,c=it"
        by dn="cn=admin,ou=Vendite,ou=Rubrica,o=ditta,c=it" write
        by dn.subtree="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=elenchinlinea,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=anonymous,o=ditta,c=it" read
        by self write
        by anonymous auth

access to dn.subtree="ou=Magazino,ou=Rubrica,o=ditta,c=it"
        by dn="cn=admin,ou=Magazino,ou=Rubrica,o=ditta,c=it" write
        by dn.subtree="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=elenchinlinea,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=anonymous,o=ditta,c=it" read
        by self write
        by anonymous auth

access to dn.subtree=",ou=Rubrica,o=ditta,c=it"
        by dn.subtree="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=elenchinlinea,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn="cn=anonymous,o=ditta,c=it" read
        by self write
        by anonymous auth

and given that each cn=admin also has a userPassword set.

The question is:

1) Is it possible to add a cn=admin user to the database that has write
   privileges on its own branch without always having to update the ACLs
   in the slapd.conf file?

2) If so, could someone give an example based on the structure shown
   above?

Thanks in advance.
Sofia Scarpa





_______________________________________________
OpenLDAP mailing list
[email protected]
https://www.sys-net.it/mailman/listinfo/openldap
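
One way to express the per-branch rule asked about above, as an added example that is not part of the original post: a single regex ACL whose who clause is expanded from the what clause, so a new branch with its own cn=admin needs no new ACL. It assumes the branches are ou= entries directly under ou=Rubrica and a slapd version whose slapd.access(5) documents the expand modifier; the rule replaces the per-branch blocks and must appear before any broader rule for ou=Rubrica.

```conf
# Added example (assumption: branches are ou=<name>,ou=Rubrica,o=ditta,c=it).
# slapd applies the first "access to" rule that matches the entry, so keep
# this rule above the catch-all rule for the ou=Rubrica subtree.
#
# <what> regex:
#   group 1 = optional RDNs below the branch (any depth)
#   group 2 = the branch itself, e.g. ou=Vendite,ou=Rubrica,o=ditta,c=it
#             ([^,]+ cannot span a comma, so group 2 is always exactly one
#             level below ou=Rubrica)
access to dn.regex="^(.+,)?(ou=[^,]+,ou=Rubrica,o=ditta,c=it)$"
        # $2 is replaced with group 2: only the cn=admin that sits directly
        # in the branch being accessed gets write on that branch.
        by dn.exact,expand="cn=admin,$2" write
        # The top-level Rubrica admin keeps write on every branch.
        by dn.exact="cn=admin,ou=Rubrica,o=ditta,c=it" write
        by dn.exact="cn=anonymous,o=ditta,c=it" read
        by self write
        by anonymous auth
```

With this rule, write access to a branch follows from the name cn=admin directly under it, so the ability to create entries in a branch should stay limited to that branch's admin and the Rubrica admin, as it is here. Note that a bare `by self write` also lets every entry change its own attributes.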
