[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using LDAP how to restrict users to certain applications only

To: "Geo P.C." <pcgeopc@gmail.com>, openldap-technical@openldap.org
Subject: Re: Using LDAP how to restrict users to certain applications only
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 07 May 2013 09:41:25 -0700
Content-disposition: inline
In-reply-to: <CAKtc8vWxRgEq6pL7y=nMQMFOGp+4GY5qgug1LrJT40Mzo0=vqQ@mail.gmail.com>
References: <CAKtc8vU+aMT4Q8Bc-_qyKDErGd8-q6NXJteDNrW0xKFaayJDjQ@mail.gmail.com> <CAKtc8vWxRgEq6pL7y=nMQMFOGp+4GY5qgug1LrJT40Mzo0=vqQ@mail.gmail.com>

--On Tuesday, May 07, 2013 11:11 AM +0530 "Geo P.C." <pcgeopc@gmail.com>wrote:



Please let me know is it possible to implement this idea?. Also please
let me know your thoughts.

It is trivial as long as your application has an application specific binddn. If it does, then you can restrict this via ACLs on the server side.For example:

access to dn.base="ou=users,dc=example,dc=com"filter="(myServiceAttr=zabbix)" attrs=uid,<other attrs> bydn.exact="cn=zabbix,cn=applications,dc=example,dc=com" read by * break

Each user entry would need to have "myServiceAttr" values that listed theservice(s) they had access to (such as zabbix).


--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Using LDAP how to restrict users to certain applications only
  - From: "Geo P.C." <pcgeopc@gmail.com>
- Re: Using LDAP how to restrict users to certain applications only
  - From: "Geo P.C." <pcgeopc@gmail.com>

Prev by Date: Re: SSH Gateway
Next by Date: Re: dynamic group perfs
Index(es):
- Chronological
- Thread