[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL group recursion feature...

Lee Jensen wrote:


I'm thinking of modifying LDAP to support recursion through groups so if
you're in an ACL and you have something like the following:
access to dn.exact="ou=foo,dc=directory"
 by group.recurse="cn=group,dc=directory" read

So say you have in your cn=group,dc=directory another group like group1
and it contains users. Those users would have read access to
ou=foo,dc=directory as well.

I'm curious if anyone is presently working on a feature like this. This
is the first time I've done any development in LDAP so any pointers etc
would be rather helpful.

What is everyone's thoughts would this kind of a feature be useful?

You can use

access to <whatever>
   by set="[cn=group,dc=directory]/member* & user" read

See <http://www.openldap.org/faq/data/cache/1133.html> for details.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497