Good evening all,

my name is Jan Braun. I am just fiddling with my DEBIAN system at home, especially with LDAP. Therefore I was reading http://wiki.debian.org/LDAP/OpenLDAPSetup and struggled with this paragraph:

> Access controls for subtree-specific LDAP Admins
>
> If you choose to use LDAP for many functions, such as having a single server for DNS, Authentication, and networking flat file database replacement, you may wish to have LDAP administrative users for each subtree in addition to the global admin (dn="cn=admin, dc=example, dc=com). The following example is useful when using a separate authentication tree which includes Samba.
>
>   # The manager dn has full write access to the auth subtree
>   # Everyone else has read access to not otherwise protected fields and entries
>   access to dn.sub="ou=auth,dc=example,dc=com"
>       by dn="cn=Manager,ou=auth,dc=example,dc=com" write
>       by * read

As far as I have understood this theme, there should be a correction and an addition.

First, the global admin is

    dn="cn=admin,dc,example,dc=net"

(There should be an '"' at the end of the DN.)

I am convinced that the second line of the config example should also use this DN. Hence, it should be

    by dn="cn=admin,ou=auth,dc=example,dc=com" write

If I am correct in that assumption, there should be a second ACL for the extra administrative user. Something like this:

    by dn="cn=auth-admin,ou=auth,dc=example,dc=com" write

(I got myself an account for wiki.debian.org and can meanwhile change this. I was not sure if that would be the correct and kind way to do so. I missed a discussion button, as I experienced it on Wikipedia.)

Sincerely
Jan

--
Dipl.-Ing. Jan Braun          Leiter IT-Cluster
Rechenzentrum                 <Braun@rz.tu-clausthal.de>
TU Clausthal                  http://www.rz.tu-clausthal.de/
Erzstraße 51                  Tel.: 0 53 23 / 72-22 50
38678 Clausthal-Zellerfeld    Fax.: 0 53 23 / 72-35 36
=== ypchsh /usr/local/bin/emacs :-) (-: ``Go FORTH now and create ...'' ===
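An added example, not part of the original message or of the wiki page: a small Python model of how the `by` clauses of the quoted `access to` directive resolve for different bind DNs, showing that a clause added after `by * read` is never reached. It assumes exact-match `by dn=` clauses, first-match-wins evaluation and a simplified DN normalization; the function names, the sample entry and the two variant ACLs are constructed for illustration.

```python
import re

def norm_dn(dn):
    """Simplified DN normalization: lowercase, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_acl(text):
    """Parse one 'access to dn.sub=... by ...' directive into (base, clauses)."""
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    directive = " ".join(lines)
    base = re.search(r'access to dn\.sub="([^"]+)"', directive).group(1)
    clauses = re.findall(r'by (?:dn="([^"]+)"|(\*)) (\w+)', directive)
    return norm_dn(base), [(norm_dn(dn) if dn else "*", lvl) for dn, _, lvl in clauses]

def access_for(acl, who, entry):
    """Access level 'who' gets on 'entry'; None if the directive does not apply."""
    base, clauses = acl
    entry = norm_dn(entry)
    if entry != base and not entry.endswith("," + base):
        return None
    for subject, level in clauses:      # first matching 'by' clause wins
        if subject in ("*", norm_dn(who)):
            return level
    return "none"                       # implicit trailing 'by * none'
# Not modelled: the rootdn, which slapd exempts from access control.

HEAD = '''
# The manager dn has full write access to the auth subtree
access to dn.sub="ou=auth,dc=example,dc=com"
    by dn="cn=Manager,ou=auth,dc=example,dc=com" write
'''
EXTRA = '    by dn="cn=auth-admin,ou=auth,dc=example,dc=com" write\n'
WIKI = parse_acl(HEAD + "    by * read\n")                  # as quoted from the wiki
MISORDERED = parse_acl(HEAD + "    by * read\n" + EXTRA)    # constructed variant
ORDERED = parse_acl(HEAD + EXTRA + "    by * read\n")       # constructed variant

ENTRY = "uid=jan,ou=people,ou=auth,dc=example,dc=com"       # constructed sample entry
AUTH_ADMIN = "cn=auth-admin,ou=auth,dc=example,dc=com"

if __name__ == "__main__":
    for name, acl in (("wiki", WIKI), ("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name, access_for(acl, AUTH_ADMIN, ENTRY))
```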