[turba] LDAP setup
Jean-Luc Wasmer
jl.horde at wasmer.ca
Sat Aug 30 07:14:31 PDT 2003
> Suppose my address books reside in:
>
> ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk
>
> ...in which there is an organizationalUnit for each user.
>
>
> Now, in the ACL it says:
>
> # Enforce ACL to personal address books
> access to dn="ou=(.+), ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk"
> by dn="uid=$1, dc=ond, dc=tv2i, dc=dk" write
>
> Should I add an uid=$1, dc=ond, dc=tv2i, dc=dk for each user as well? And
> which objectclass should these be?

This is not very well documented, I agree.

You need to bind to some user in the LDAP db.
I guess the only requirement is to use an objectclass that has the attribute
userPassword, like person in core.schema.
I use organizationalPerson (derives from person) and uidObject (to have "MUST
uid") but there are many other classes you could use.

My users are in the (very common) following organizationalUnit:
ou=People,dc=....
In your case, this would be
ou=People, dc=ond, dc=tv2i, dc=dk

Having an organizationalUnit for your user db makes it simple to control
access...

access to dn="uid=(.+), ou=People, dc=ond, dc=tv2i, dc=dk"
    by self write
    by dn="uid=root, ou=People, dc=ond, dc=tv2i, dc=dk" write
    by * none
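
Added example, not part of the original message: a simplified Python model of how the quoted address-book rule derives the permitted bind DN from the `$1` capture, and what the greedy `(.+)` does when an address book contains a nested ou. It uses Python's `re` in place of slapd's own regex matching; the `alice`/`bob` DNs, the helper names and `STRICT_RE` are assumptions of this example.

```python
import re

# Target pattern and "by dn" template from the rule quoted in the thread.
TARGET_RE = r"ou=(.+), ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk"
BY_DN = "uid=$1, dc=ond, dc=tv2i, dc=dk"

# Tighter variant (this example's assumption, not from the thread):
# [^,]+ keeps the capture inside one RDN value, $ anchors the suffix.
STRICT_RE = r"ou=([^,]+), ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk$"


def norm(dn):
    """Simplified DN normalisation: lower-case, one space after each comma.
    Escaped commas inside RDN values are not handled."""
    return ", ".join(part.strip().lower() for part in dn.split(","))


def required_bind_dn(target_dn, target_re=TARGET_RE, by_dn=BY_DN):
    """Return the bind DN the rule grants write on target_dn, or None."""
    m = re.search(target_re, norm(target_dn))
    if m is None:
        return None  # rule does not apply to this entry
    return by_dn.replace("$1", m.group(1))


def may_write(bind_dn, target_dn, target_re=TARGET_RE, by_dn=BY_DN):
    """True if bind_dn equals the DN derived from the target entry."""
    needed = required_bind_dn(target_dn, target_re, by_dn)
    return needed is not None and norm(bind_dn) == needed


if __name__ == "__main__":
    base = "ou=personal_addressbook, dc=ond, dc=tv2i, dc=dk"
    # Constructed sample entries for a hypothetical user "alice".
    for target in ("ou=alice, " + base,
                   "cn=Bob Smith, ou=alice, " + base,
                   "ou=work, ou=alice, " + base):
        print(target)
        print("  quoted rule ->", required_bind_dn(target))
        print("  strict rule ->", required_bind_dn(target, STRICT_RE))
```

In this model the nested entry `ou=work, ou=alice, ...` yields `uid=work, ou=alice, ...` under the quoted pattern, so no real user matches; the `[^,]+` variant resolves it to `uid=alice, ...`.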