I am new to working with OpenLDAP.

We have an application that will restrict users from deleting entities from LDAP.

But if the user connects using the Python ldap module from the console, then there is no way of restricting this.

Is it possible to restrict the users from executing "ldapdelete" directly?

We are using a common user name (manager account) and password for all the users to connect to LDAP. It is not possible to maintain different user accounts, as there are 30000+ users and it is not possible to create separate accounts for all the users.

Please let me know how to go with this situation.

Thanks in advance.

Magnus Karlsson
user2753523

1 Answer

Yes, it's possible. You need to write an access control rule in the OpenLDAP configuration that, for example, restricts deletion to admins. Building this sort of thing into an application is a waste of time while other applications and command lines exist. It must be configured at the server.

user207421
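
A server-side rule of the kind the answer describes, as an added example that is not part of the original answer: deleting an entry requires the delete privilege on that entry's `entry` pseudo-attribute and on the parent's `children` pseudo-attribute, so granting the shared account `add` instead of `write` there blocks `ldapdelete` and any other client. The database DN, suffix and both account DNs are assumptions; the shared account must not be the database `rootdn`, because the rootdn is not subject to access control.

```ldif
# Constructed example. Assumed names (not from the original post):
#   database        olcDatabase={1}mdb,cn=config
#   suffix          dc=example,dc=com
#   administrator   cn=ldapadmin,dc=example,dc=com
#   shared account  cn=appsvc,dc=example,dc=com
# "replace" overwrites the existing ACL list, so merge these rules with
# whatever the database already has before loading them.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: the owner may change them, anonymous may only bind.
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=ldapadmin,dc=example,dc=com" write
  by self write
  by anonymous auth
  by * none
# Entry creation and deletion are governed by the entry and children
# pseudo-attributes. "add" lets the shared account create entries but
# withholds the delete privilege; only the administrator gets write.
olcAccess: {1}to dn.subtree="dc=example,dc=com" attrs=entry,children
  by dn.exact="cn=ldapadmin,dc=example,dc=com" write
  by dn.exact="cn=appsvc,dc=example,dc=com" add
  by users read
  by * none
# All other attributes: the shared account may still modify values.
olcAccess: {2}to dn.subtree="dc=example,dc=com"
  by dn.exact="cn=ldapadmin,dc=example,dc=com" write
  by dn.exact="cn=appsvc,dc=example,dc=com" write
  by users read
  by * none
```

With these rules loaded, a delete request bound as the shared account fails with result code 50 (insufficient access), whichever client sends it.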