[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Roles in OpenLDAP with back-sql

To: David Rose <david@complex.ch>
Subject: Re: Roles in OpenLDAP with back-sql
From: Dan White <dwhite@olp.net>
Date: Fri, 7 Sep 2012 09:17:33 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <5049FDDD.6090306@complex.ch>
References: <5049FDDD.6090306@complex.ch>
User-agent: Mutt/1.5.21 (2010-09-15)

On 09/07/12 15:59 +0200, David Rose wrote:

Hi everyone,

Is anybody know if it's possible to define roles in OpenLDAP using back-sql?

Here's the thing, we need to prevent some of our users to see "everything".
We need to filter results for some groups of users. But we need these
rules in the database (Postgres) to be able to change them dynamically.


Consider using the dynamic slapd-config backend instead. See chapters 5 and
8 of the OpenLDAP Administrator's Guide.

Problem is that, currently, when a user send a search query, OpenLDAP
does not include in any way the DN of the user who made the query.


That seems counterintuitive. Are your users binding anonymously? If so,
don't do that.

As a result we have trouble creating scopes by user/group.


--
Dan White

Follow-Ups:
- Re: Roles in OpenLDAP with back-sql
  - From: David Rose <david@complex.ch>

References:
- Roles in OpenLDAP with back-sql
  - From: David Rose <david@complex.ch>

Prev by Date: Roles in OpenLDAP with back-sql
Next by Date: Re: Roles in OpenLDAP with back-sql
Index(es):
- Chronological
- Thread