Access control list for LDAP OU (Organisational Unit)

Asked Jul 29 '21 at 13:55

Active Aug 10 '21 at 10:16

Viewed 226 times

I am new to LDAP (currently using OpenLDAP 2.4) and I am struggling to define a ACL entry that will manage the various Access Levels for entries that are child entries of an OU.

The structure is as follows:

cn=user1,ou=users,dc=somedomain,dc=com
cn=user2,ou=users,dc=somedomain,dc=com

This is what I currently have, but when implemented, the children of the OU "users" don't have the access level as required:

access to dn.subtree="ou=users,dc=somedomain,dc=com" 
by dn.subtree="ou=users,dc=somedomain,dc=com" read
by * none

I would like to have all the children of the OU to only be able to read the contents of the OU and it's children.

Any help would be greatly appreciated.

Kind regards

edited Aug 10 '21 at 10:16

asked Jul 29 '21 at 13:55

JackOfAllTradesCoder

This is probably more of a system administration question and less of a software development question and thus more appropriate for https://serverfault.com. – larsks Aug 10 '21 at 14:08
@larsks thanks for the feedback. I'll rework the question and post it on serverfault. – JackOfAllTradesCoder Aug 13 '21 at 09:09

Access control list for LDAP OU (Organisational Unit)

0 Answers0