Re: "Roles" in OpenLDAP?


Bela Kovac <wizard@uni-paderborn.de> writes:

> Hi there,
> I've been looking for some way to implement Roles into my LDAP-tree,
> for simplified use in my ACLs. As I found, there is no problem
> generating a static group (objectClass: groupOfNames,
> groupOfUniqueNames) and filling it explicitly with members. So when I
> add a new user into my LDAP and I want him to be in the group I have
> to make two LDAP calls, one to insert the user and one other to add
> this new user to the group. This way I might be running into problems
> when data becomes inconsistent.
> So I looked for dynamic groups or roles, where membership (in a group)
> is resolved by looking for a specific attribute (and a specific value)
> in the user's entry. I found some threads regarding this topic, but I
> didn't find a clear solution.

With OpenLDAP-2.2.x you may compile with the flag --with-dyngroup and
search the docs for dynamic group overlay.
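
The attribute-driven membership asked about above, as an added example that is not part of the original thread and is not OpenLDAP code: it evaluates a groupOfURLs-style memberURL against constructed entries, so one write to the user's entry changes membership. The DNs, the employeeType attribute, and all function names are assumptions; only a single equality or presence filter is handled, and DN and value comparison is simplified to lowercase string matching.

```python
from urllib.parse import unquote

# Constructed sample directory (DN -> attributes); not from the original thread.
ENTRIES = {
    "uid=alice,ou=people,dc=example,dc=com": {"employeeType": ["admin"]},
    "uid=bob,ou=people,dc=example,dc=com": {"employeeType": ["staff"]},
    "uid=carol,ou=contractors,dc=example,dc=com": {"employeeType": ["admin"]},
}
# Hypothetical memberURL value of a dynamic "admins" group.
ADMINS_URL = "ldap:///ou=people,dc=example,dc=com??sub?(employeeType=admin)"


def parse_member_url(url):
    """Split ldap:///base?attrs?scope?filter into (base, scope, attr, value)."""
    if not url.startswith("ldap:///"):
        raise ValueError("only host-less ldap:/// URLs are supported")
    fields = [unquote(f) for f in url[len("ldap:///"):].split("?")]
    fields += [""] * (4 - len(fields))
    base, _attrs, scope, flt = fields[:4]
    flt = flt or "(objectClass=*)"  # LDAP URL default filter
    well_formed = flt.startswith("(") and flt.endswith(")")
    if not well_formed or flt.count("=") != 1 or "(" in flt[1:-1]:
        raise ValueError("only a single equality filter is supported")
    attr, value = flt[1:-1].split("=")
    return base.lower(), scope or "base", attr.lower(), value.lower()


def in_scope(dn, base, scope):
    """Naive scope check: lowercase compare, escaped commas are not handled."""
    dn = dn.lower()
    if scope == "base" or dn == base:
        return dn == base and scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    if scope == "one":
        return "," not in dn[: -len(base) - 1]  # exactly one RDN below base
    return scope == "sub"


def is_member(user_dn, member_url, entries=ENTRIES):
    """True if the user's own entry satisfies the group's memberURL."""
    base, scope, attr, value = parse_member_url(member_url)
    entry = entries.get(user_dn)
    if entry is None or not in_scope(user_dn, base, scope):
        return False
    values = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(values) if value == "*" else value in values
```

Because the search base is part of the membership test, carol's matching attribute value does not make her a member: she sits outside ou=people.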


