
Re: ACLs by netgroup?

On Fri, 2006-02-03 at 15:02 -0800, samuel gipe wrote:
> Hi All,
> Using the ldap search filter terminology (rfc 2254), is it possible to return
> the dn of each uid specified in a given netgroup?
> I am trying to designate a slapd.conf ACL which allows one to write the
> userPassword and shadowLastChange field of members of the given netgroups. 
> Ultimately, I would like to allow managers to change the passwords of their
> reports (who are listed in netgroups).
> Generally, is it possible to define the "to what" portion of ACLs via
> netgroups?
> Things I've done prior to mailing include but are not limited to: man
> slapd.conf, man slapd.access, reading the O'Reilly book, reading RFC 2254,
> experimentation.

I'm pretty sure it can be done, although I'm not sure I understand what
you're trying to do.  Please clarify terms like "netgroup", "managers"
and "reports" in terms of corresponding LDAP entities (e.g. attributes,
objectClasses and so on).


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it