[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Roles in OpenLDAP with back-sql

To: David Rose <david@complex.ch>
Subject: Re: Roles in OpenLDAP with back-sql
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Sat, 8 Sep 2012 08:54:22 -0400 (EDT)
Cc: openldap-technical@openldap.org
In-reply-to: <5049FDDD.6090306@complex.ch>
References: <5049FDDD.6090306@complex.ch>
User-agent: Alpine 2.02 (SOC 1266 2009-07-14)

On Fri, 7 Sep 2012, David Rose wrote:

Hi everyone,

Is anybody know if it's possible to define roles in OpenLDAP using back-sql?

Here's the thing, we need to prevent some of our users to see "everything".
We need to filter results for some groups of users. But we need these
rules in the database (Postgres) to be able to change them dynamically.

Problem is that, currently, when a user send a search query, OpenLDAP
does not include in any way the DN of the user who made the query. As a
result we have trouble creating scopes by user/group.

Thanks

Not specific to back-sql, but if you need access control on the basis ofthe current bind DN, explore sets (OpenLDAP Admin Guide sec 8.5) relativeto "user/dn" (IIRC "dn" is default so just "user" can be written, as seenin the admin guide examples).

You might be better off making some dummy data with a set ACL along thelines of test006 (stored with back-hdb or similar), then figuring out theappropriate back-sql views as a second step.

References:
- Roles in OpenLDAP with back-sql
  - From: David Rose <david@complex.ch>

Prev by Date: Re: mdb - no space left?
Next by Date: Re: mdb - no space left?
Index(es):
- Chronological
- Thread