[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DN design - yet another newbie question

To: Bennett Samowich <brs@ben-tech.com>
Subject: Re: DN design - yet another newbie question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 16 Jun 2000 12:22:47 -0700
Cc: openldap-general@OpenLDAP.org
In-reply-to: <4.2.0.58.20000616144307.00a929f0@mail.ben-tech.com>

At 02:51 PM 6/16/00 -0400, Bennett Samowich wrote:
>I have been told that it is good to keep the DN's as simple as 
>possible.  With this in mind, can the ACL/Security be set based on attributes?

Likely...  depends on the server you're using.  I suggest redirecting
your query to a forum specific to whatever server you are using.
If you're using OpenLDAP, please use openldap-software list.

>Some specifics about what I am trying to accomplish are:
>We have multiple geographic locations and want to allow managers the 
>ability to change certain information for their subordinates only.

I would suggest using an attribute of an entry to hold the
DN of the manager and use this to grant access to entry.

>Also we 
>want to ensure that people at one location only have limited access to the 
>information about people at another location.

Depending on the server, this can be difficult to do without
creating subtrees for each location.

References:
- DN design - yet another newbie question
  - From: Bennett Samowich <brs@ben-tech.com>

Prev by Date: DN design - yet another newbie question
Next by Date: proper setup
Index(es):
- Chronological
- Thread