LDAP

From The System Administrator Zone

dap_sasl_interactive_bind_s error

You compiled with sasl; however you're trying to perform a simple bind, so you need to use the '-x' switch.

How to get status information from an OpenLDAP server?

ldapsearch -x -s base -b'cn=manager,dc=equoria,dc=net' 'objectclass=*'

ACL: dealing with children

access to dn=".*,dc=example,dc=com"

This ACL targets all attributes of all entries under dc=example,dc=com, but not dc=example,dc=com itself.

Since this ACL targets all attributes, those subjects granted write may also add entries under these target entries as described in the next paragraph.

access to dn="dc=example,dc=com" attrs=children

This ACL targets the children psuedo-attribute of dc=example,dc=com.

Subjects which are granted "write" may add, rename, or delete entries whose parent is dc=example,dc=com.

=== access to dn.children="dc=example,dc=com"

This is equivelent to dn=".*,dc=example,dc=com" (above).

access to dn.subtree="dc=example,dc=com"

This ACL targets all attributes of dc=example,dc=com as well as all attributes of all entries under dc=example,dc=com.

access to dn="dc=example,dc=com"

This targets all attributes of entry "dc=example,dc=com".

access to dn.children="dc=example,dc=com" attrs=children

This ACL targets the children psuedo-attribute of all entries under dc=example,dc=com, but not dc=example,dc=com itself.

For those subjects with "write" permission, the ACL would allow those subjects to add entries under any of the target entries.