How to add admin users in 389 LDAP, Fedora Directory Server

Posted by chandank on Server Fault
Published on 2012-12-05T20:15:53Z Indexed on 2012/12/05 23:06 UTC

I want to create a couple of admin users who have access to create/delete users on a particular group/Organization Unit. For example,

User: uid=testadmin, ou=people, dc=my,dc=net

Should have access to create new users/delete users under

ou=People,dc=my,dc=net

I tried the ACI below, but it did not work:

(target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");)

I am able to add administrative users from the Directory Server console, but this user data is not stored in LDIF files and is only stored in the binary database at /var/lib/dirsrv/slap-ldap/db/. The only problem is that these users have full power, and I am not sure how to restrict their access.

© Server Fault or respective owner
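
Added example, not part of the original post: in 389 Directory Server ACIs the "proxy" right only permits proxied authorization, while creating and removing entries is governed by the "add" and "delete" rights. The LDIF below is a constructed sketch of an ACI scoped to ou=People for the testadmin user from the question; the ACL name and the choice to grant read/search/compare alongside add/delete are assumptions.

```ldif
# Constructed example. Apply with ldapmodify while bound as a user that may
# edit ACIs on this entry (for instance Directory Manager).
# The ACI is stored on the subtree it protects, so it only affects
# ou=People and the entries beneath it.
dn: ou=People,dc=my,dc=net
changetype: modify
add: aci
# add/delete         : create and remove entries under ou=People
# read/search/compare: let the delegated admin find the entries it manages
# "write" is deliberately left out; include it only if testadmin must also
# modify attributes of existing entries.
aci: (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*")(version 3.0; acl "testadmin manage People"; allow (add, delete, read, search, compare) userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net";)
```

Because the rule is attached to ou=People, testadmin gains no rights elsewhere in dc=my,dc=net, which keeps the delegation narrower than an administrative user created from the console.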
