[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Controlling access based on group membership

To: openldap-technical@openldap.org
Subject: Re: Controlling access based on group membership
From: Nick Milas <nick@eurobjects.com>
Date: Wed, 22 Feb 2012 18:27:10 +0200
In-reply-to: <4F43998C.5030806@eurobjects.com>
References: <4F423242.5000100@eurobjects.com> <20120220221403.6612d43d@pink.avci.de> <4F42C1BD.6060509@eurobjects.com> <201202211228.15614.bgmilne@staff.telkomsa.net> <4F43998C.5030806@eurobjects.com>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2

On 21/2/2012 3:18 ÎÎ, Nick Milas wrote:

What you want to do may be achieveable with sets
(http://www.openldap.org/faq/data/cache/1133.html).

I'll read about sets, thanks.

As I see in the documentation, what we want to accomplish could be doneusing sets as follows:


 access to <some entries> <some attributes>
       by set="this/AdminGroups/member* & user" write
       by set="this/ReadGroups/member* & user" read
       by set="this/SearchGroups/member* & user" search

Can someone more experienced with sets, please comment on it (confirm orcorrect it)?


Thanks to all for the help,
Nick

Follow-Ups:
- Re: Controlling access based on group membership
  - From: Nick Milas <nick@eurobjects.com>

References:
- Controlling access based on group membership
  - From: Nick Milas <nick@eurobjects.com>
- Re: Controlling access based on group membership
  - From: Dieter KlÃnter <dieter@dkluenter.de>
- Re: Controlling access based on group membership
  - From: Nick Milas <nick@eurobjects.com>
- Re: Controlling access based on group membership
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: Controlling access based on group membership
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: 2.4.29 memberof: entry_encode: Assertion `i == a->a_numvals' failed.
Next by Date: Join my network on LinkedIn
Index(es):
- Chronological
- Thread