[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DN design - yet another newbie question



At 02:51 PM 6/16/00 -0400, Bennett Samowich wrote:
>I have been told that it is good to keep the DN's as simple as 
>possible.  With this in mind, can the ACL/Security be set based on attributes?

Likely...  depends on the server you're using.  I suggest redirecting
your query to a forum specific to whatever server you are using.
If you're using OpenLDAP, please use openldap-software list.

>Some specifics about what I am trying to accomplish are:
>We have multiple geographic locations and want to allow managers the 
>ability to change certain information for their subordinates only.

I would suggest using an attribute of an entry to hold the
DN of the manager and use this to grant access to entry.

>Also we 
>want to ensure that people at one location only have limited access to the 
>information about people at another location.

Depending on the server, this can be difficult to do without
creating subtrees for each location.