
and more about roles :)



Hello :)
OpenLDAP 2.1.29/bdb 4.2.52/i386 :-)

In addition to my previous question about roles:
Let's say I'm an ISP. I created accounts in my "ou=People".
But because I store services (apache,mail,dns) configuration
in LDAP, I'd like to have a role which says 
"I can edit/change entries under dc=systemwide,dc=mydomain.com"
and then make an account a member of this role, instead
of setting acl/aci per userobject or per entry..

What is this going to be used for? E.g. I have an account "username"
which is able to add aliases or virtualhosts (mod_cfg_ldap) but
only for entries whose DNs contain "mydomain.com".
Of course this can be done with "access" in slapd.conf or some
aci attribute at the user's object, however it would be simpler
to create a role for each domain, which says what I mentioned above,
and then assign one or more users with this role.

So where can I find more information about this, and is it possible
in OpenLDAP 2.1.29/bdb 4.2.52/i386?
Regards
Piotr
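
The role-style delegation asked about above can be expressed as a group-based rule in slapd.conf; the fragment below is an added example, not part of the original post. The group DN and the ou=Roles container are hypothetical, and the `dn.subtree` / `group.exact` forms are assumed to follow slapd.access(5) for the release in use.

```conf
# slapd.conf fragment (added example; ou=Roles and the group name are hypothetical)
#
# The "role" is an ordinary groupOfNames entry, for example:
#   dn: cn=systemwide-admins,ou=Roles,dc=mydomain.com
#   objectClass: groupOfNames
#   cn: systemwide-admins
#   member: uid=username,ou=People,dc=mydomain.com
#
# Rules are evaluated in order and the first matching "access to" wins,
# so these must appear before any broader catch-all rule.

# Protect the role entries themselves. No bound user may read or change
# role membership through ACLs; only the rootdn (which bypasses ACLs)
# maintains it. Without this, a role member could add other accounts.
access to dn.subtree="ou=Roles,dc=mydomain.com"
    by * none

# Members of the role may write anywhere under the service-configuration
# subtree. Other authenticated binds (assumed here: the service accounts
# used by apache/mail/dns) keep read access; anonymous gets nothing.
access to dn.subtree="dc=systemwide,dc=mydomain.com"
    by group.exact="cn=systemwide-admins,ou=Roles,dc=mydomain.com" write
    by users read
    by * none
```

Granting or revoking the role is then a change to the `member` attribute of the group entry, with no per-user or per-entry ACL edits.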