Re: access control

--On December 4, 2007 5:52:11 PM -0500 Nathan Nobbe <quickshiftin@gmail.com> wrote:

hello all,

i am working on my first installation of openldap, so please bear with me.
i assure you in advance i have been digging through the manual and only
resort to the mailing list after exhausting ability to understand how to
the access portion of slapd.conf by reading the administration guide.  in
particular, if some of the language i use in the email is a bit hazy, im
my best.

anyway here is the background; i have designed the tree structure as
beneath the rootdn there are organizationalUnit objects and beneath those
there are
organizationalPerson objects.

Just on a general note, I'd say this is a fairly poor design decision. Given the way that people often shift organizations, or work for more than one, I've found that putting organizations in their own tree, and then people in their own tree works a lot better, and makes ACLs easier.

In answer to your question, however, you may find that using sets helps with some of what you want to do.



