Re: grant access on a attribute specific value
Hi,
Thanks for your answer, but my chiefs are not in a separate group; the
directory looks like this:
+ dc=example,dc=com
|
--- ou=groups
|   |
|   --- cn=group_1 (objectClass = posixGroup, members by attribute "memberUid")
|   |   ...
|   --- cn=group_i
|
--- ou=persons
    |
    --- uid=person_1 (objectClass ~ inetOrgPerson, groups by attribute "groupesTravail")
    |   ...
    --- uid=person_j
* posixGroup and memberUid (== users' uid) are compulsory to use the
directory for typo3 authentication.
* There is no posixAccount objectClass for the persons' entries, as they
have no login account on the server.
* I use a "groupesTravail" multivalued attribute instead of the standard
gidNumber, as my users may belong to more than one group (of persons who
work on the same theme).
* The "chiefs" are the persons I want to grant write access to
ou=groups, so they can add or delete a uid when a user registers or
quits some group. Their groupesTravail attribute contains the value 1200.
So, the filter behavior I am trying to get for the <who> clause is:
(&(objectClass=inetOrgPerson)(groupesTravail=1200))
I hope that this is clearer, and that someone has a solution :-)
Thanks!