Dynlist and roles/groups
I'm not sure if this is exactly the right list, but I'm stuck trying to implement something at work and I'm hoping someone can help me.
We have an existing OpenLDAP setup that uses roles rather than groups to determine who gets what. We have people under ou=People, and roles under ou=Roles.
Here are parts of my person object:
cn: Ashley Penney
isMemberOf: cn=SFTP User:member,ou=Roles,dc=law,dc=harvard,dc=edu
description: Indicates that a user has SFTP access.
displayName: SFTP User (SFTP User)
What I want to be able to do, via nss_ldap, is to iterate over the isMemberOf entries, and check the cn=x,ou=roles for a posixGroup. I've managed to get it building a search of the form:
It then does a SRCH attr=objectClass lookup, but this fails. My understanding is this requires some support in OpenLDAP itself, and I can't figure out if this is provided or not.
So, my alternative method is to build a dynamic list up, from my understanding, and have it build me a dynamic sftp-users group. I cannot figure out what values I would map, however, and I'd appreciate any assistance anyone can offer.