[Date Prev][Date Next] [Chronological] [Thread] [Top]

Crazy ldap attribute release policy

To: openldap-software@OpenLDAP.org
Subject: Crazy ldap attribute release policy
From: Digant Kasundra <digant@uta.edu>
Date: Wed, 21 Jul 2004 17:26:29 -0500

Title: Message

Hello everyone,

I'm trying to write a super weird ACL or looking for a better way to handle the following problem:

Our UNIX systems query OpenLDAP to get gidNumber for people logging in. One such gidNumber puts a person in the sysadmin group, but people aren't not admins of all the servers, so that gidNumber should only be released to certain servers.

Currently, the lookup is done with a SASL bind and a DN specific to each machine. So, should I (and can I) make an ACL that says "in the cn=accounts branch, release all attributes but only release gidNumber=100 if the person asking is dn=omega." ??

*OR* is there a better way to go about this?

-- DK

Prev by Date: additional info: dialup Access: attribute description contains inappropriate characters
Next by Date: Re: additional info: dialup Access: attribute description contains inappropriate characters
Index(es):
- Chronological
- Thread