I have a little problem. I have a LDAP-directory with about twenty diffrent OUs.
The thing I want to have is a seperate administrator for each OU. So that admin one only can administrate OU one and admin two can only administrate OU two.
I've read, that the permissions are set over ACLs. Is this right? And I think, a ACL-entry is represented as an attribute in the entry. Is this right, too? So do I have to add an aclEntry-attribute to my OU? Or what do I have to do? I've also read about
the aclPropagate-attribute. I think I have to set this to true, so the administrator have access to all of the entries under his OU.
None
0 Points
1 Post
Subadminstration in a LDAP-directory
Sep 08, 2014 01:55 AM|Wuuz|LINK
Hi @ all,
I have a little problem. I have a LDAP-directory with about twenty diffrent OUs.
The thing I want to have is a seperate administrator for each OU. So that admin one only can administrate OU one and admin two can only administrate OU two.
I've read, that the permissions are set over ACLs. Is this right? And I think, a ACL-entry is represented as an attribute in the entry. Is this right, too? So do I have to add an aclEntry-attribute to my OU? Or what do I have to do? I've also read about the aclPropagate-attribute. I think I have to set this to true, so the administrator have access to all of the entries under his OU.
So, can anybody help me?
Thanks :)
Wuuz
All-Star
23975 Points
4084 Posts
Re: Subadminstration in a LDAP-directory
Sep 10, 2014 02:23 AM|Starain chen - MSFT|LINK
Hi Wuuz,
You may take a look at this article:
# Permissions and ACLs
http://dev.day.com/docs/en/cq/current/administering/security.html#Permissions and ACLs
Best Regards
Starain Chen