[Date Prev][Date Next] [Chronological] [Thread] [Top]

Advanced ACL configuration?



Hello,

I'm wondering if ACL's can be built by using information in the LDAP
database itself?

For example, if user X is authenticated and has an attribute
(for example) canModify: uid=y, o=foobar

then this user would have write access to the DN's listed?

Background:

Imagnine a system with useraccounts and POP accounts. One would want
to login with the useraccount to manage the POP account belonging
to that useraccount, and therefore it would need write access to
them. 

Maybe a better solution to define the relationships would be to use
the tree structure instead? I.e.

uid=user1, ...
uid=user1, uid=pop432, ...
uid=user1, uid=pop234, ...
uid=user1, uid=pop764, ...

Then users can be given write access to the subtree?

All comments are welcome!

/Stefan