[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Implementing ACL, using non-local groups

To: Tio Teath <tioteath@gmail.com>
Subject: Re: Implementing ACL, using non-local groups
From: Howard Chu <hyc@symas.com>
Date: Thu, 27 Sep 2012 03:54:47 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <CAD++gkEsfj1UF03aN5T9xWND85posgHFZVfXd3wWmEczAt=mRw@mail.gmail.com>
References: <CAD++gkEsfj1UF03aN5T9xWND85posgHFZVfXd3wWmEczAt=mRw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/18.0 Firefox/18.0 SeaMonkey/2.15a1

Tio Teath wrote:

Is it possible to implement ACL, using groups which are accessed via
ldap-proxy, i.e. non-local groups? I've managed to setup
authentication for users, which are in remote LDAP server only, but
looks like remote groups  are ignored in case of using 'group.exact='
statement.

Yes it is possible, assuming you have back-ldap configured appropriately. Youshould use acl-bind, see the slapd-ldap(5) manpage.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Implementing ACL, using non-local groups
  - From: Tio Teath <tioteath@gmail.com>

Prev by Date: Re: Appropriate index for <= >= filter on generalizedTime
Next by Date: Re: ldapsearch stalling when performing searches with a large number of results
Index(es):
- Chronological
- Thread