[turba] LDAP setup

Jean-Luc Wasmer jl.horde at wasmer.ca
Sat Aug 30 07:14:31 PDT 2003


> Suppose my address books reside in:
> 
>     ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk
> 
> ...in which there is an organizationalUnit for each user.
> 
> 
> Now, in the ACL it says:
> 
> # Enforce ACL to personal address books
> access to dn="ou=(.+), ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk"
>         by dn="uid=$1, dc=ond, dc=tv2i, dc=dk" write
> 
> Should I add an   uid=$1, dc=ond, dc=tv2i, dc=dk   for each user as well? And
> which objectclass should these be?

This is not very well documented I agree.

You need to bind as some user in the LDAP DB.
I guess the only requirement is to use an objectclass that has the attribute
userPassword,
like person in core.schema.
I use organizationalPerson (derives from person) and uidObject (to have "MUST
uid"), but there are many other classes you could use.

My users are in the (very common) following organizationalUnit:
ou=People,dc=....
In your case, this would be
ou=People, dc=ond, dc=tv2i, dc=dk

Having an organizationalUnit for your user db makes it simple to control
access...

# A simple bind is evaluated while the session is still anonymous, so it
# needs "auth" on userPassword; with only "by * none" nobody could log in.
access to attrs=userPassword
        by self write
        by dn.exact="uid=root,ou=People,dc=ond,dc=tv2i,dc=dk" write
        by anonymous auth
        by * none
# dn.regex patterns are matched against the normalised DN (no spaces after commas)
access to dn.regex="^uid=([^,]+),ou=People,dc=ond,dc=tv2i,dc=dk$"
        by self write
        by dn.exact="uid=root,ou=People,dc=ond,dc=tv2i,dc=dk" write
        by * none


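The following is an added example, not code from the original thread or from Turba or OpenLDAP. It builds the LDIF for one user entry (organizationalPerson plus uidObject, as suggested in the reply) together with that user's organizationalUnit under ou=personal_addressbook, stores the password in the {SSHA} form slapd accepts in userPassword, and models how a `dn.regex` ACL pattern with a `$1` back-reference selects the owner of an address book. The base DN and OU names come from the thread; the user names, passwords, salts and the simplified DN normalisation are assumptions of this example (slapd's real normalisation is more involved, see slapd.access(5)).

```python
"""Added example: Turba user + personal address-book entries and a model of the
regex ACL that protects them.  Not from the original post, Turba or OpenLDAP."""
import base64
import hashlib
import hmac
import os
import re

# Taken from the thread.
BASE_DN = "dc=ond,dc=tv2i,dc=dk"
PEOPLE_OU = "ou=People," + BASE_DN
ADDRESSBOOK_OU = "ou=personal_addressbook," + BASE_DN

# The ACL 'to' pattern written the way slapd matches it: against the normalised
# DN (no spaces after commas), anchored, with the owner's uid captured as $1.
BOOK_ACL_PATTERN = r"^ou=([^,]+),ou=personal_addressbook,dc=ond,dc=tv2i,dc=dk$"


def ssha_hash(password, salt=None):
    """OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a password against a stored {SSHA} value (what slapd does on a simple bind)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def user_ldif(uid, cn, sn, password):
    """LDIF for the bind entry and for the per-user OU Turba stores the address book in.
    person (via organizationalPerson) requires cn and sn; uidObject requires uid."""
    user_dn = "uid=%s,%s" % (uid, PEOPLE_OU)
    book_dn = "ou=%s,%s" % (uid, ADDRESSBOOK_OU)
    return (
        "dn: %s\n" % user_dn
        + "objectClass: organizationalPerson\n"
        + "objectClass: uidObject\n"
        + "uid: %s\n" % uid
        + "cn: %s\n" % cn
        + "sn: %s\n" % sn
        + "userPassword: %s\n" % ssha_hash(password)
        + "\n"
        + "dn: %s\n" % book_dn
        + "objectClass: organizationalUnit\n"
        + "ou: %s\n" % uid
    )


def normalize_dn(dn):
    """Simplified DN normalisation (assumption of this example): drop spaces
    around commas and lower-case everything, the form ACL regexes see."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def acl_dn_matches(pattern, dn):
    """Does a dn.regex= pattern select this entry?  slapd compiles ACL regexes
    case-insensitively, so only the spacing in the pattern has to be right."""
    return re.search(pattern, normalize_dn(dn), re.IGNORECASE) is not None


def owner_may_write(pattern, entry_dn, bind_dn):
    """Model of
        access to dn.regex=<pattern>
            by dn.regex="uid=$1,ou=People,..." write
    : the uid captured from the entry DN must be the uid the client bound as."""
    m = re.search(pattern, normalize_dn(entry_dn), re.IGNORECASE)
    if m is None:
        return False
    owner_dn = "uid=%s,%s" % (m.group(1), PEOPLE_OU)
    return normalize_dn(bind_dn) == normalize_dn(owner_dn)


if __name__ == "__main__":
    # Constructed sample user; feed the output to ldapadd as the rootdn.
    print(user_ldif("jdoe", "Jane Doe", "Doe", "s3cret"))
```

The two checks a practitioner wants here: a pattern written with spaces after the commas (as in the thread) never matches the normalised DN, and binding as a different user than the `$1` captured from the address-book OU gets no write access.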