Thanks. I fixed

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by anonymous auth
  by * none
olcAccess: to *
  by self write
  by group.exact="cn=ldap_admins,ou=Groups,dc=wildberries,dc=ru" write
  by * read

and applied it on another OpenLDAP:

ldapmodify -Y EXTERNAL -H ldapi:/// -f acladm.ldif

However, a member of the ldap_admins group does not have full access.

If you don't mind, can you help?
1) Is the ACL correct?
2) Is it possible to make an ACL for a POSIX group in a different way?

On Aug 11, 2020, at 18:45, Quanah Gibson-Mount <[email protected]> wrote:



--On Tuesday, August 11, 2020 1:55 PM +0000 Клеусов Владимир Сергеевич <[email protected]> wrote:

 by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write


You're missing an end quote.

group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" <-----

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
