[Date Prev][Date Next]
Re: access control
--On December 4, 2007 5:52:11 PM -0500 Nathan Nobbe
i am working on my first installation of openldap, so please bear with me.
i assure you in advance i have been digging through the manual and only
resort to the mailing list after exhausting ability to understand how to
the access portion of slapd.conf by reading the administration guide. in
particular, if some of the language i use in the email is a bit hazy, im
anyway here is the background; i have designed the tree structure as
beneath the rootdn there are organizationalUnit objects and beneath those
Just on a general note, I'd say this is a fairly poor design decision.
Given the way that people often shift organizations, or work for more then
one, I've found that putting organizations in their own tree, and then
people in their own tree works a lot better, and makes ACLs easier.
In answer to your question, however, you may find that using sets helps
with some of what you want to do.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration