[Date Prev][Date Next] [Chronological] [Thread] [Top]

Q: roles for authentication

To: <openldap-technical@openldap.org>
Subject: Q: roles for authentication
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Mon, 01 Dec 2014 10:31:23 +0100
Content-disposition: inline

Hi!

I have a question: You can define roles for authentication this way:
Multiple DNs can be members of a group/rolem, and you can use group names when assigning ACLs.
To authenticate, a user will use his DN and own password.

Now when a DN is member of multiple roles/groups, authenticating as member assignes all the rights each group/role has.

The idea of a role however is that a user "changes hats", depending on the task he is doing.

I wonder: Is it possibe to authenticate with a group/role's DN and the user's (a memeber) password?

Or is there some other mechanism to accieve what I want?

Regards,
Ulrich

Follow-Ups:
- Re: Q: roles for authentication
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: need serious help on replication over ssl - getting do_syncrep1: rid 001 ldap_sasl_bind_s failed (-1)
Next by Date: Antw: need serious help on replication over ssl - getting do_syncrep1: rid 001 ldap_sasl_bind_s failed (-1)
Index(es):
- Chronological
- Thread