[Date Prev][Date Next]
Re: ACL group recursion feature...
Lee Jensen wrote:
I'm thinking of modifying LDAP to support recursion through groups so if
you're in an ACL and you have something like the following:
access to dn.exact="ou=foo,dc=directory"
by group.recurse="cn=group,dc=directory" read
So say you have in your cn=group,dc=directory another group like group1
and it contains users. Those users would have read access to
ou=foo,dc=directory as well.
I'm curious if anyone is presently working on a feature like this. This
is the first time I've done any development in LDAP so any pointers etc
would be rather helpful.
What is everyone's thoughts would this kind of a feature be useful?
You can use
access to <whatever>
by set="[cn=group,dc=directory]/member* & user" read
See <http://www.openldap.org/faq/data/cache/1133.html> for details.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497