How to add admin users in 389 LDAP, Fedora Directory Server
Posted by chandank on Server Fault
Published on 2012-12-05T20:15:53Z
I want to create a couple of admin users who have access to create/delete users in a particular group/Organization Unit. For example,
User: uid=testadmin, ou=people, dc=my,dc=net
Should have access to create new users/delete users under
ou=People,dc=my,dc=net
I tried the ACI below, but it did not work:
(target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*") (version 3.0;acl "testadmin Permissions";allow (proxy)(userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");)
I am able to add administrative users from the Directory Server console, but this user data is not stored in LDIF files and is only stored in the binary database at /var/lib/dirsrv/slap-ldap/db/. The only problem is that these users have full power, and I am not sure how to restrict their access.
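An added example, not part of the original post: in the 389 Directory Server ACI syntax, "proxy" only lets the bind DN use proxied authorization as another DN, and entry creation and removal are governed by the separate "add" and "delete" rights. The LDIF below scopes those two rights to the subtree and user named in the question; the ACI name and applying it with ldapmodify under an administrative bind are assumptions.

```ldif
# Added example (constructed; not from the original post).
# Feed to ldapmodify while bound as an identity that may edit ACIs on
# ou=People (assumed here to be the Directory Manager).
#
# As posted, for comparison: grants only the "proxy" right, which does
# not permit adding or deleting entries:
#   (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*")
#   (version 3.0;acl "testadmin Permissions";allow (proxy)
#   (userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net");)
#
# Corrected: grants only "add" and "delete" on ou=People and the entries
# beneath it. Append read, search, compare or write to the rights list
# only if this admin needs them and no other ACI already grants them.
# Continuation lines start with two spaces: LDIF strips the first, the
# second remains as a separator inside the ACI value.
dn: ou=People,dc=my,dc=net
changetype: modify
add: aci
aci: (target = "ldap:///ou=People,dc=my,dc=net")(targetattr = "*")
  (version 3.0; acl "testadmin add and delete under People";
  allow (add, delete)
  userdn = "ldap:///uid=testadmin,ou=people,dc=my,dc=net";)
```

Because the target is ou=People, the rights stop at that subtree; testadmin gains nothing elsewhere under dc=my,dc=net from this ACI.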
© Server Fault or respective owner