[Date Prev][Date Next] [Chronological] [Thread] [Top]

R: Question to meta-backend / ldap-backend

To: Wilhelm Meier <wilhelm.meier@fh-kl.de>
Subject: R: Question to meta-backend / ldap-backend
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sun, 26 Oct 2008 08:36:03 +0100 (CET)
Cc: openldap-software@openldap.org
In-reply-to: <200810251220.35926.wilhelm.meier@fh-kl.de>

----- Wilhelm Meier <wilhelm.meier@fh-kl.de> ha scritto:
> Hi,
> 
> I think this is a relative simple question but I did not use the 
> meta/ldap-backend before. 
> 
> We have an openldap-server for user authentification. The user bind as
> 
> uid=<user>,ou=Benutzer,dc=kmux,dc=de
> 
> where <user> is the actual username. 
> 
> We have a diffent application where only users of a special 
> posixGroup "Archiv" should be valid. The application is not capable 
> of doing some sort of filtering. 
> 
> So, I thought it must be passoble to do this filtering with the meta 
> or ldap-backup using the original ldap-db:
> 
> the filter should look like:
> 
> (&(cn=Archiv)(memberUid=<user>)(objectClass=posixGroup))
> 
> where <user> is the username as above.

Is the application binding?  If it is, you can restrict what data its identity can access using ACLs (see the "filter" form of the <what> part of ACLs in slapd.access(5)).

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

References:
- Question to meta-backend / ldap-backend
  - From: Wilhelm Meier <wilhelm.meier@fh-kl.de>

Prev by Date: Re: Question to meta-backend / ldap-backend
Next by Date: Re: Question to meta-backend / ldap-backend
Index(es):
- Chronological
- Thread