Delegate administration rights to OU in OpenLDAP?

openldap

How would I allow a user to administer subordinates of only a single OU in an OpenLDAP directory? The goal here is I want the user to be able to create and update users under a specific OU only.

I sure miss Active Directory... :)


Solution 1:

By using OpenLDAP Access Control Lists. You need to put to your slapd.conf a new line similar to this under to that specific OU's slapd.conf entry:

access to dn.subtree="ou=yourou,dc=yourdomain,dc=com"
by dn.exact="cn=youradministratoruser,ou=yourou,dc=yourdomain,dc=com"
(other ACL rules go here)

Related

Postfix unknown command
147GB vs. 146GB HP Drives
OpenSSH, cannot disable password login [closed]
Error: Could not execute mail delivery program '/usr/sbin/sendmail'
ntp security best practice with instance on AWS
Is there a way i can see why Squid (Proxy Server) determines why a resources should be a MISS?
HTTPS reverse proxy for HTTP-only web service
Amazon S3 tools for Debian?
Iptables --to seems to work in place of --to-destination, should it?
Network Question
Why item display undefine? [duplicate]
H2O single node Vs cluster