I would like to create a user similar to admin, but with restricted privs. The user would be able to create/read/delete objects under a certain DN in the directory, but not others.

+1  A: 

Typically, the native server providing the LDAP service has an ACL model.

Within that system, you can create users with appropriate trustee rights/ACLs.

For example, in eDirectory, you would grant this new user object BCRDI rights to the container of interest, then have your LDAP app authenticate as that user.

In Active Directory you can do the same thing.

In OpenLDAP you can do the same thing.

The specific details depend on the server providing the LDAP service. (I, like others, hate saying LDAP server, since really they are not LDAP servers. They are offering an LDAP service on top of whatever database they store objects in.)

geoffc
I'm using ApacheDS Studio to administer an ApacheDS LDAP service. I don't know what you mean above when you say BCRDI rights.
harschware
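
For the OpenLDAP case mentioned in the answer, a delegated administrator limited to one subtree could be configured as below. This is an added example, not part of the original thread; every DN, the `{1}mdb` database name and the password placeholder are assumptions to be replaced with your own values.

```ldif
# Constructed example. Part 1 is loaded into the directory itself (ldapadd),
# part 2 is applied to the cn=config backend (ldapmodify).

# Part 1: the restricted administrator the application binds as.
dn: cn=subtree-admin,ou=service,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: subtree-admin
userPassword: {SSHA}REPLACE_WITH_OUTPUT_OF_slappasswd

# Part 2: access rules. slapd uses the first "to" clause that matches the
# target and, inside it, the first "by" clause that matches the requester,
# so the narrow rules must precede the general ones.
# "replace" discards every existing olcAccess value on this database:
# merge these rules with the ones already in place before applying.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords inside the delegated subtree: the subtree admin may reset them.
olcAccess: {0}to dn.subtree="ou=projects,dc=example,dc=com" attrs=userPassword
  by dn.exact="cn=subtree-admin,ou=service,dc=example,dc=com" write
  by self write
  by anonymous auth
  by * none
# Passwords everywhere else: owner only, nobody may read the hash.
olcAccess: {1}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Create/read/modify/delete below ou=projects. dn.subtree includes the
# ou=projects entry itself, which supplies the write access to its
# "children" that adding or deleting an entry directly under it requires.
olcAccess: {2}to dn.subtree="ou=projects,dc=example,dc=com"
  by dn.exact="cn=subtree-admin,ou=service,dc=example,dc=com" write
  by users read
  by * none
# Rest of the tree: authenticated read only, so the subtree admin has no
# write access outside ou=projects.
olcAccess: {3}to *
  by users read
  by * none
```

The database's `rootdn` bypasses these rules entirely, so the application should bind as the restricted entry and never as the rootdn. OpenLDAP's `slapacl` tool can evaluate the rules for a given bind DN and target entry before the account is put into use.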