
group acl in what




hello, 

we have the following setup: 

student(thousands) accounts are in a subtree: 

.*,ou=students,ou=people,o=fas 

and there are many courses each having one or more instructors. 
i need to give each instructor write permissions to all his 
students' entries. A student might be enrolled in more than one course. 

i tried 2 different acls: 

1) each student record has an attribute course
and the following acl: 

access to filter="(course=somecourse)" 
by group="c=somecourse_instructors,ou=people,o=fas" write 

this works but i have to list all courses in slapd.conf 

2) add an attribute manager to each student, 
so a student taking course1 and course2 will have an entry 

dn:uid=student1,.... 
manager:lab1_instructor 
manager:lab2_instructor 

and the acl: 

access to dn=".*,ou=students,ou=people,o=fas" 
by dnattr=manager write 

this seems better than the above but it is time consuming 
to go over the student entries and add for each a manager attribute 

any suggestions?
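
Added example, not part of the original message: a Python sketch that generates the LDIF for approach 2 from enrollment data, so the manager values do not have to be added by hand. It assumes instructor entries are named uid=<name>,ou=people,o=fas and student entries sit directly under ou=students,ou=people,o=fas; the message gives only short names, and the sample data is constructed.

```python
# Build LDIF "modify" records that add manager DNs to student entries.
STUDENT_BASE = "ou=students,ou=people,o=fas"  # subtree named in the message
PEOPLE_BASE = "ou=people,o=fas"               # assumed location of instructor entries


def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters).

    Empty values and anything outside printable ASCII are rejected, so a
    newline in the input cannot inject extra LDIF lines.
    """
    if not value or any(not (" " <= c <= "~") for c in value):
        raise ValueError("unsafe value: %r" % value)
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        special = ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if special else ch)
    return "".join(out)


def manager_ldif(enrollments, instructors):
    """enrollments: {student_uid: [course, ...]}
    instructors: {course: [instructor_uid, ...]}
    Returns LDIF text with one modify record per student that has managers."""
    records = []
    for student in sorted(enrollments):
        managers = []
        for course in enrollments[student]:
            for inst in instructors.get(course, []):
                dn = "uid=%s,%s" % (escape_rdn_value(inst), PEOPLE_BASE)
                if dn not in managers:  # same instructor may teach several courses
                    managers.append(dn)
        if not managers:
            continue
        lines = ["dn: uid=%s,%s" % (escape_rdn_value(student), STUDENT_BASE),
                 "changetype: modify", "add: manager"]
        lines += ["manager: " + m for m in managers]
        lines.append("-")
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    # Constructed sample data mirroring the student1 example in the message.
    enrollments = {"student1": ["course1", "course2"]}
    instructors = {"course1": ["lab1_instructor"], "course2": ["lab2_instructor"]}
    print(manager_ldif(enrollments, instructors), end="")
```

The output is meant to be fed to ldapmodify; adding a manager value that an entry already holds fails with "Type or value exists".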