
Re: ACL group recursion feature...



Lee Jensen wrote:

Hello,

I'm thinking of modifying LDAP to support recursion through groups so if
you're in an ACL and you have something like the following:
access to dn.exact="ou=foo,dc=directory"
 attrs=entry
 by group.recurse="cn=group,dc=directory" read

So say you have in your cn=group,dc=directory another group like group1
and it contains users. Those users would have read access to
ou=foo,dc=directory as well.

I'm curious if anyone is presently working on a feature like this. This
is the first time I've done any development in LDAP so any pointers etc
would be rather helpful.


What are everyone's thoughts? Would this kind of feature be useful?


You can use

access to <whatever>
   by set="[cn=group,dc=directory]/member* & user" read

See <http://www.openldap.org/faq/data/cache/1133.html> for details.

p.



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
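
An added illustration, not part of the original message and not OpenLDAP code: a small Python model of how the set expression `[cn=group,dc=directory]/member* & user` from the reply resolves nested groups, next to the non-recursive `/member` form. The directory contents, the function names and the simplified DN normalisation are assumptions made for the example.

```python
# Constructed sample data: entry DN -> values of its "member" attribute.
DIRECTORY = {
    "cn=group,dc=directory": ["cn=group1,dc=directory", "uid=alice,dc=directory"],
    "cn=group1,dc=directory": ["uid=bob,dc=directory", "cn=group2,dc=directory"],
    # group2 lists the top-level group again: a membership loop.
    "cn=group2,dc=directory": ["uid=carol,dc=directory", "cn=group,dc=directory"],
    "cn=other,dc=directory": ["uid=dave,dc=directory"],
}


def norm(dn):
    """Simplified DN normalisation (assumption): lowercase, trim each RDN."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def expand_members(directory, group_dn, recurse=True):
    """Model [group_dn]/member (recurse=False) or [group_dn]/member* (True)."""
    entries = {norm(dn): [norm(v) for v in vals] for dn, vals in directory.items()}
    pending = list(entries.get(norm(group_dn), []))
    if not recurse:
        return set(pending)
    reached = set()
    while pending:
        dn = pending.pop()
        if dn in reached:  # already expanded, so a loop cannot run forever
            continue
        reached.add(dn)
        pending.extend(entries.get(dn, []))  # non-group DNs have no members
    return reached


def set_grants(directory, group_dn, user_dn, recurse=True):
    """Model '<member set> & user': the clause matches if the intersection is non-empty."""
    return bool(expand_members(directory, group_dn, recurse) & {norm(user_dn)})


if __name__ == "__main__":
    top = "cn=group,dc=directory"
    for uid in ("alice", "bob", "carol", "dave"):
        user = f"uid={uid},dc=directory"
        print(uid, "member:", set_grants(DIRECTORY, top, user, recurse=False),
              "member*:", set_grants(DIRECTORY, top, user))
```

With the recursive form, anyone able to write `member` on any nested group effectively decides who matches the ACL, so write access to those group entries deserves the same care as the ACL itself.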