
Need help on ACL



Hello to all,

I need your help with OpenLDAP ACL.

Here is my DIT:

dc=example,dc=com
   ou=Users
      uid=user1
      uid=user2
   ou=Groups
      cn=...
      cn=...

I use that to do Unix Auth with pam. It works fine.

Now, I need to modify my tree like this:


dc=example,dc=com
   ou=Users
      uid=user1
      uid=user2
      ou=Foo
         uid=user3
         uid=user4
   ou=Groups
      cn=...
      cn=...

So, I've added the OU "foo" to "Ou=Users".

In my network, all PCs are configured with pam_ldap reading "dc=example,dc=com". So, when I do:

$ getent passwd

I have:

user1
user2
user3
user4


What I want:

* If I'm an "Ou=Users" member, for example "user1", with pam_ldap suffix "dc=example,dc=com":

$ getent passwd
user1
user2


* If I'm an "Ou=Foo" member, for example "user_b", with pam_ldap suffix "dc=example,dc=com":

$ getent passwd
user3
user4


Is it possible to do so without modifying the DIT structure? (Only with ACL?)

Thanks a lot for your help.


--
Alexis GÜNST HORN
System administrator
Exascale Computing Research