[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "Roles" in OpenLDAP?

To: openldap-software@OpenLDAP.org
Subject: Re: "Roles" in OpenLDAP?
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Wed, 24 Mar 2004 21:02:16 +0100
In-reply-to: <8305F46E-7DB7-11D8-AE0B-000A95B18090@uni-paderborn.de> (Bela Kovac's message of "Wed, 24 Mar 2004 18:20:13 +0100")
References: <8305F46E-7DB7-11D8-AE0B-000A95B18090@uni-paderborn.de>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Hi,

Bela Kovac <wizard@uni-paderborn.de> writes:

> Hi there,
>
> i've been looking for some way to implement Roles into my LDAP-tree,
> for simplified use in my ACLs. As i found, there is no problem
> generating a static group (objectClass: groupOfNames,
> groupOfUniqueNames) and filling it explicitely with members. So when i
> add a new user into my LDAP and i want him to be in the group i have
> to make to LDAP calls, one to insert the user and one other to add
> this new user to the group. This way i might be running into problems
> when data becomes inconsistent.
>
> So i looked for dynamic groups or roles, where membership (in a group)
> is resolved by looking for a specific attribute (and a specific value)
> in the user's entry. I found some threads regarding this topic, but i
> didn't found a clear solution.
[...]

With OpenLDAP-2.2.x you may compile with the flag --with-dyngroup and
search the docs for dynamic group overlay.

-Dieter 

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

Follow-Ups:
- RE: "Roles" in OpenLDAP?
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- "Roles" in OpenLDAP?
  - From: Bela Kovac <wizard@uni-paderborn.de>

Prev by Date: Re: How to confirm --enable-local
Next by Date: Re: LDAP to VCARD
Index(es):
- Chronological
- Thread