I am developing an application that should permit users
to interact with a subtree of the DIT.
For example, given the node
there is a user called
that can do everything but under that node.
That user can add other users too, to manage zones under
for example, the user admin could add the zone
and define a user smadmin to manage that zone.
After that, admin should be able to see everything under
the zone ou=Managers,ou=Administration,l=Italy,o=XYZ,
INCLUDING the zone ou=SuperManagers,... and smadmin only
These operations should not require restarting the server with
new ACL definitions.
Which is the best/preferred way to do that?
I was thinking about adding an attribute to every user that
contains the zone for which he is enabled. For example, the
user admin should be defined in this way:
and to define an ACL that reads enabledCtx.
Are there other ways to do it?
Thanks for every suggestion,
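
As an added illustration, not part of the original message or of OpenLDAP: a Python model of the decision an enabledCtx-based rule has to make, comparing DNs RDN by RDN so that case, spacing and escaped commas cannot widen a zone. The placement of ou=SuperManagers under ou=Managers, the `USERS` table and all function names are assumptions constructed for the example.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas (a backslash escapes the next character)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def normalize(dn):
    """Lower-case and trim each RDN; assumes case-insensitive attribute values."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_subtree(target_dn, base_dn):
    """True if target_dn is base_dn or lies below it, compared RDN by RDN."""
    if not base_dn.strip():
        return False  # fail closed: an empty enabledCtx grants nothing
    target, base = normalize(target_dn), normalize(base_dn)
    return len(target) >= len(base) and target[-len(base):] == base


def may_manage(user, target_dn):
    """A user may act on target_dn if any of its enabledCtx values covers it."""
    zones = USERS.get(user, {}).get("enabledCtx", [])
    return any(in_subtree(target_dn, ctx) for ctx in zones)


MANAGERS = "ou=Managers,ou=Administration,l=Italy,o=XYZ"  # zone named in the post
SUPER = "ou=SuperManagers," + MANAGERS  # assumed location of the delegated zone
USERS = {  # constructed entries, reduced to the enabledCtx attribute
    "admin": {"enabledCtx": [MANAGERS]},
    "smadmin": {"enabledCtx": [SUPER]},
}
```

Delegating a new zone in this model is a write to one user entry, which is why the approach needs no server restart; multi-valued RDNs (`+`) are not handled here.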