I think this is the way to go - slapd config to allow certain
groups to write to the tree via dn.regex.
Thank you for the link.
On 11/30/2016 02:50 PM, Michael Ströder
Mario Rossi wrote:
Thank you for the information. We use both Puppet and Ansible to manage our
servers. Let me add more details:
1. An admin will build 10 new servers via cobbler and use puppet to deploy
2. The admin will create a ticket to SecurityTeam who manages
openldap to create 10 new ldap entries for the server itself.
Your security team should come up with a good concept how to delegate server
entry creation to the right admins.
There are existing approaches for OpenLDAP to achieve this:
sssd-users mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org