Thanks Michael,

I think this is the way to go - slapd config to allow certain groups to write to the tree via dn.regex.
Thank you for the link.

On 11/30/2016 02:50 PM, Michael Ströder wrote:
Mario Rossi wrote:
Thank you for the information. We use both Puppet and Ansible to manage our
servers. Let me add more details:

1. An admin will build 10 new servers via cobbler and use puppet to deploy
2. The admin will create a ticket to SecurityTeam who manages
openldap to create 10 new ldap entries for the server itself.
Your security team should come up with a good concept how to delegate server
entry creation to the right admins.

There are existing approaches for OpenLDAP to achieve this:

Ciao, Michael.

sssd-users mailing list --
To unsubscribe send an email to