[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help with ACLs

To: openldap-technical@openldap.org
Subject: Re: Help with ACLs
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Wed, 16 Apr 2008 14:22:40 +0200
In-reply-to: <12b7ac1e0804151542k786c0d1buea99201ef1a8f23b@mail.gmail.com> (David Clarke's message of "Wed, 16 Apr 2008 10:42:44 +1200")
References: <12b7ac1e0804151542k786c0d1buea99201ef1a8f23b@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

Hi,

"David Clarke" <pigwin32@gmail.com> writes:

> Hello and apologies if I'm posting this in the wrong location.
>
> I'm trying to apply some security to my openldap repository and I'm
> struggling with how or even if I can express a particular constraint.

[...]

> What I would like to do is restrict the user to having read access
> only to those subsidiary organisations based on the value of the
> user's "o" attribute. Is this a reasonable approach or should I be
> expressing this differently in my schema?

Try access control by sets
http://www.openldap.org/faq/data/cache/1133.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- Help with ACLs
  - From: "David Clarke" <pigwin32@gmail.com>

Prev by Date: Problem searching LDAP
Next by Date: Re: Problem searching LDAP
Index(es):
- Chronological
- Thread