Crazy ldap attribute release policy
I'm trying to write a super weird ACL, or looking for a better way to handle the following.

Our UNIX systems query OpenLDAP to get gidNumber for people logging in. One such gidNumber puts a person in the sysadmin group, but people aren't admins of all the servers, so that gidNumber should only be released to certain
lookup is done with a SASL bind and a DN specific to each machine. So, should I (and can I) make an ACL that says "in the cn=accounts branch, release all attributes but only release gidNumber=100 if the person asking is dn=omega"?

*OR* is there a better way to go about this?
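An ACL of the shape the post describes, as an added example that is not from the original message or any reply; it assumes slapd.conf syntax, and the base suffix and the host's bind DN are placeholders, since the post only gives "cn=accounts" and "omega":

```conf
# Added example, not from the original post. The suffix dc=example,dc=com and
# the host DN cn=omega,ou=hosts,... are assumed placeholders.

# Clause 1: on entries under cn=accounts that carry gidNumber=100, the gidNumber
# attribute is readable only by the omega host's bind DN. "none" for everyone
# else also blocks using gidNumber in a search filter, so other machines cannot
# enumerate sysadmin-group members. Because of attrs=gidNumber, the other
# attributes of those entries are not decided here and fall through to clause 2.
access to dn.subtree="cn=accounts,dc=example,dc=com" filter=(gidNumber=100) attrs=gidNumber
    by dn.exact="cn=omega,ou=hosts,dc=example,dc=com" read
    by * none

# Clause 2: everything else under cn=accounts (all attributes of the remaining
# entries, plus the non-gidNumber attributes of the sysadmin entries) is readable
# by any authenticated DN, i.e. a machine that has completed its SASL bind.
# Anonymous lookups get nothing.
access to dn.subtree="cn=accounts,dc=example,dc=com"
    by users read
    by * none
```

slapd picks the first `access to` clause whose target (dn, filter and attrs) matches and stops there, so the specific clause must come before the general one. Check the result offline with `slapacl -D "cn=omega,ou=hosts,dc=example,dc=com" -b "uid=someone,cn=accounts,dc=example,dc=com" gidNumber` against both the omega DN and another machine's DN before deploying.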