
Group based ACLS



I have been reading http://www.openldap.org/doc/admin24/access-control.html and am very interested in how sets can be applied to controlling ACLs. In the examples shown, all the relationships are tied to the user having an attribute such as a manager etc., but I would like to do this in reverse so that an account, let's say Admin, can only modify users that have an entry in a group such as

cn=Group,dc=example
memberUid: testuser

uid=testuser,dc=example
uid=someuser,dc=example

In this case Admin would be able to modify testuser, but not someuser. Is this possible, or do I need to enforce membership on the user as well, such that

uid=testuser,dc=example
memberOf: group

William
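The following is an added example of the "reverse" lookup asked about above; it is not part of the original post or of any reply on this page. It assumes the Admin account is `uid=admin,dc=example`, that `dc=example` lives in the `olcDatabase={1}mdb` entry of cn=config, and that a `dn.exact` term and a `set` term can be placed in the same `by` clause so that both must hold. The set `[cn=Group,dc=example]/memberUid` is the list of memberUid values read from the group entry, and `this/uid` is the uid value(s) of the entry being accessed; their intersection is non-empty only when the target's uid is listed in the group, which is the condition the post describes.

```ldif
# Added example (not from the original post). Lets uid=admin,dc=example
# (assumed DN for "Admin") write only those entries under dc=example whose
# uid appears as a memberUid value of cn=Group,dc=example.
# {1}mdb is an assumption: use the olcDatabase entry that actually holds
# dc=example.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# [cn=Group,dc=example]/memberUid : memberUid values of the group entry
# this/uid                        : uid values of the entry being accessed
# "&" is set intersection; the clause matches only if the sets share a value.
# Both the dn.exact term and the set term must hold for the clause to apply.
# Continuation lines start with a space, per LDIF folding rules.
olcAccess: {0}to dn.children="dc=example"
  by dn.exact="uid=admin,dc=example" set="[cn=Group,dc=example]/memberUid & this/uid" write
  by * read
```

With the sample entries from the post, accessing `uid=testuser,dc=example` gives `this/uid = {testuser}` and the group set `{testuser}`, so the intersection is non-empty and Admin gets write. For `uid=someuser,dc=example` the intersection is empty, the first `by` clause does not match, and evaluation falls through to `by * read`, so Admin can only read that entry. Because the rule dereferences the group entry rather than the user, no `memberOf` attribute on the user is needed for this particular check. Two caveats a practitioner should keep in mind: the admin guide marks sets as experimental, and the comparison is on the literal uid string, so an entry with several uid values matches if any one of them is listed in the group.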