Complex permissions for OpenLDAP
Basically I'm trying to restrict/enable userPassword access, and am
failing miserably.
Say I have this structure:
cn=SubUser,uid=User,ou=People,o=ExampleCompany,c=CA
If I'm logged in as uid=User,ou=People,... I want to be able to
edit/view the userPassword for cn=SubUser, and justly have it work
hierarchically... let's pretend that I could log in as ou=People I would
want to be able to view/edit passwords for everyone below me (including
myself).
There are hundreds of entries at the uid level, and none of them should
be able to view/edit the userPassword of the user that is below me,
except me, and only when I'm bound with that authentication.
Make sense? So far I'm able to give full read/write access to everyone
except anonymous, or hide it altogether from everyone, except the logged
in user (meaning I'd have to bind as cn=SubUser in order to view/edit
the password).
Well, that was a mouthful, and I hope it makes sense to someone. Any
help on this matter is *greatly* appreciated.
Mike Eheler