DN design - yet another newbie question
(this is a re-post from the openldap-general list)
I have been told that it is good to keep the DNs as simple as
possible. With this in mind, can the ACL/Security be set based on attributes?
If my DN is something like this:
employeeId=1234, o=Four Seasons Produce, c=US
Can I set security to something like this:
Allow viewing of attribute (x) from DN with attribute (y).
or must I create a DN like this:
ou=Manager, ou=Virginia, employeeId=1234, o=Four Seasons Produce, c=US
Some specifics about what I am trying to accomplish are:
We have multiple geographic locations and want to allow managers the
ability to change certain information for their subordinates only. Also we
want to ensure that people at one location only have limited access to the
information about people at another location.
Thanks in advance,