How to give write access to an LDAP user?
There is a fresh ubuntu server with fresh slapd. The user base is used for external applications like mail and so on. How to create a user besides the administrator, who will have permissions to write and edit certain branches? Or promote an existing user to such rights. Thanks
I remember that back when OpenLDAP stood in for AD, I had to somehow create a user who could read the entire directory and pull out a list of users. The idea is something like this:
We look at the current admin rights:
We need to do the same.
Create an LDIF file with the following content:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.sub="dc=example,dc=com"
  by self write
  by anonymous auth
and load it into LDAP:
You need to do something similar, but to edit a specific branch with sub-branches, you can read more here:
www.openldap.org/doc/admin24/access-control.html
https://pro-ldap.ru/books/openldap -ubuntu-in-pract...
If possible, post the contents of your ldif, I think someone will need it as an example.
I solved my question in this way:
1) Get the rights to cn=config (as I understand it, like the main admin) by changing them in an .ldif (create a file with the following content):
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: your password
then apply it with: sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f filename.ldif
2) Grant permissions, from the farthest branches up to the root branches:
ldapmodify -D cn=config -H ldapi:/// -W -f file.ldif
Example import format:
Anonymous can log in and read. Those listed can write to their own branches. The lower a user is in this list, the closer to the root are the branches he has access to.
Permission rules for writing to each branch go from the more specific to the more general.
# LDIF: continuation lines of a value must start with a single space
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=Veterinary Services,ou=Services Committees and Others,ou=addressbook,dc=blabla,dc=ru"
  by dn="cn=vet,ou=Veterinary Services,ou=Services Committees and Others,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to dn.subtree="ou=Departments,ou=addressbook,dc=blabla,dc=ru"
  by dn="cn=editor,ou=Development Department,ou=Department,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to dn.subtree="ou=addressbook,dc=blabla,dc=ru"
  by dn="uid=myuser,ou=addressbook,dc=blabla,dc=ru" manage
  by anonymous read
  by * read
olcAccess: to *
  by self read
  by * read
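The ordering rule behind this answer (slapd picks the first `to` clause covering the entry, then the first matching `by` clause inside it, and stops) can be checked offline with a small simulator. This is an added example, not code from the thread or from OpenLDAP; the DNs are constructed to mirror the answer's ACLs (the editor is placed under ou=Departments for consistency), and it models only dn.subtree targets and the `*`, `anonymous`, `self` and exact-dn subjects.

```python
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]  # weakest first

def norm(dn):
    """Split a DN into RDNs, trimming spaces and case (no escaped commas assumed)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def in_subtree(target, base):
    """dn.subtree covers the base entry itself and everything below it."""
    t, b = norm(target), norm(base)
    return len(t) >= len(b) and t[len(t) - len(b):] == b

def who_matches(who, bind_dn, target):
    """Resolve a <by> subject: '*', 'anonymous', 'self' or dn="<exact DN>"."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and norm(bind_dn) == norm(target)
    if who.startswith('dn="') and who.endswith('"'):
        return bind_dn is not None and norm(bind_dn) == norm(who[4:-1])
    raise ValueError("unsupported <by> subject: " + who)

def access_level(rules, bind_dn, target):
    """rules: [(subtree or '*', [(who, level), ...])] in olcAccess order. The first
    <to> covering the target is chosen, and its first matching <by> decides."""
    for subtree, by_clauses in rules:
        if subtree != "*" and not in_subtree(target, subtree):
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, target):
                return level
        return "none"  # a <to> matched but no <by> did: slapd denies here
    return "none"

# Constructed sample mirroring the answer's ACLs, most specific branch first.
BASE = "ou=addressbook,dc=blabla,dc=ru"
VET = "cn=vet,ou=Veterinary Services,ou=Services Committees and Others," + BASE
EDITOR = "cn=editor,ou=Development Department,ou=Departments," + BASE
ADMIN = "uid=myuser," + BASE
RULES = [
    ("ou=Veterinary Services,ou=Services Committees and Others," + BASE,
     [('dn="%s"' % VET, "manage"), ("anonymous", "read"), ("*", "read")]),
    ("ou=Departments," + BASE,
     [('dn="%s"' % EDITOR, "manage"), ("anonymous", "read"), ("*", "read")]),
    (BASE, [('dn="%s"' % ADMIN, "manage"), ("anonymous", "read"), ("*", "read")]),
    ("*", [("self", "read"), ("*", "read")]),
]
# General ou=addressbook rule first: its "by * read" now catches cn=vet too.
BROKEN = [RULES[2], RULES[0], RULES[1], RULES[3]]
```

Running it also shows a caveat of the rules as written: uid=myuser's addressbook-wide manage does not reach the two specific branches, because their rules match first and list only their own editor.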