I am new to LDAP and would like to ask a very basic question. My apologies if this subject had already been discussed, but I cannot seem to find a good answer yet.

What is the best way to allow write access to LDAP, based on *nix user accounts? In other words, I would like user 'root' or 'abc' to be able to manipulate entries without needing the LDAP password. Is this possible? If it is, what is the most secure way?


PS: The user will have an account on the LDAP server machine