
Re: Controlling access to users



On Wed, 26 Jun 2013 16:46:03 +0000,
Mathew Wilson <mat.wilson@uci.edu> wrote:

> Hi, everyone-
> 
> I have a puzzle to solve here. We use LDAP for group management in
> JIRA, and for the most part it works well. However, when trying to
> add "watchers" to issues, we currently don't have a way to limit this
> to users who have been defined in LDAP groups. So, that means that
> the list of watchers is 25000 people long. Add to that the fact that
> this can possibly impact our licensing. Naturally, JIRA has no way to
> accomplish this at the moment.
> 
> What I need to do is make it so that only users we have defined in
> groups under a specific OU can be read. I had initially thought to
> use (memberOf=*), but we have groups under another OU that everyone
> belongs to. I would like to avoid having to create a special group
> for this, since membership in any group under our "application" ou
> implies access to JIRA.
> 
> How would you go about this?

There are quite a lot of possible solutions. You may
- create dynamic groups and dynacl
- name some attributes
- design access rules by means of sets

man slapd.access(5) and
http://www.openldap.org/faq/data/cache/189.html
show lots of examples.
Here are some links on sets:
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.htm

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E