Access configuration for Open Directory

  • #373913
    fherbert
    Participant

    I’m trying to do a form of tiered administration whereby a certain OD group has write access to only certain OD computer lists and OD computers.

    So far, I’ve created my own slapd_macosxserver_custom.conf and included it in /etc/openldap/slapd.conf

    The entry I have tried is:

    [code]access to dn.regex="cn=*lab1*,cn=computers,dc=my,dc=full,dc=base"
    by group="cn=lab1admin,cn=groups,dc=my,dc=full,dc=base" write[/code]

    Where lab1admin is the OD group I want to give access to any machine with lab1 in the name.

    However, when I log into Workgroup Manager as an OD user in the lab1admin group, I am unable to change any of the preferences of machines with lab1 in the name. I get:
    “Error while saving record “computer name” Error: 14120”

    Any suggestions?

    #373937

    As of 10.5, you need to edit the directory access controls (DACLs) and other slapd settings directly in cn=config (not the same as cn=config,dc=,dc=), and changes take effect immediately.

    #378287
    kynes
    Participant

    Has anyone tried this on Snow Leopard? I’m interested in setting up something like this at the university I work for.

    When tperfitt says cn=config (not the same as cn=config,dc=,dc=), is that referring to config stuff that appears in the OLC config categories (that can be seen via the Inspector tab in Workgroup Manager)?
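
The `dn.regex` value in the first post is evaluated by slapd as a regular expression, not as a shell-style wildcard, so it is worth checking which computer DNs it actually selects before granting write access with it. The following is an added example, not code from the thread: the sample DNs are constructed, `INTENDED` is an assumed reading of "any machine with lab1 in the name", and Python's `re` stands in for slapd's POSIX extended regex, which behaves the same for these patterns.

```python
import re

# Suffix and pattern copied from the first post; everything else is constructed.
BASE = "cn=computers,dc=my,dc=full,dc=base"
POSTED = "cn=*lab1*," + BASE

# Assumed intent ("any machine with lab1 in the name"), written as an anchored
# regex: [^,]* keeps the wildcard inside the first RDN.
INTENDED = "^cn=[^,]*lab1[^,]*," + re.escape(BASE) + "$"

# Constructed computer DNs, lowercased and unspaced like slapd's normalized form.
SAMPLE_DNS = [
    "cn=lab1," + BASE,
    "cn=lab1-imac01," + BASE,
    "cn=biolab1-03," + BASE,
    "cn=lab," + BASE,
    "cn=lab2-imac01," + BASE,
]

def selects(pattern, dn):
    """True if an unanchored regex search of `pattern` hits `dn`."""
    return re.search(pattern, dn) is not None

def compare(dns=SAMPLE_DNS):
    """Map each DN to (matched by posted pattern, matched by intended pattern)."""
    return {dn: (selects(POSTED, dn), selects(INTENDED, dn)) for dn in dns}

if __name__ == "__main__":
    for dn, (posted, intended) in compare().items():
        print(f"posted={posted!s:5} intended={intended!s:5} {dn}")
```

Read as a regex, `=*` means "zero or more `=`" and `1*` means "zero or more `1`", so the posted pattern covers `cn=lab1` and `cn=lab` but not `cn=lab1-imac01`; the anchored form scopes the write grant to exactly the first RDN values that contain `lab1`.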
