
RE: Strange ACL request



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jerry Haltom

> Would it be possible to assign an ACL by member of group in LDAP?
>
> This seems hard to explain
>
> gid=admins,ou=groups,dc=feedbackplusinc,com
> memberUid: jhaltom
> memberUid: lburton
>
> I would want both
> uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com as well
> as the same with lburton to have higher permissions. I don't want to
> specify these users specifically in the slapd.conf.
>
> I was wondering if this kind of regular expression, substitution,
> whatever, is possible in an OpenLDAP 2.1 ACL?

It looks like you're using RFC2307. For the most part, the OpenLDAP ACL
engine only operates on identities that are expressed as distinguished names,
so it won't recognize those memberUids. You should use RFC2307bis instead,
which uses DNs for group members instead of uids.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
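
The approach suggested in the reply, sketched as an added example that is not part of the original message: a group whose members are DNs, and a slapd.conf ACL that names the group rather than each user. The group DN `cn=admins,ou=groups,dc=feedbackplusinc,dc=com`, the `gidNumber` value and the choice of `write` as the "higher permission" are assumptions.

```conf
# slapd.conf fragment (added example; DNs are assumed from the suffix used
# in the question).
#
# Group entry in RFC2307bis style. posixGroup is auxiliary in RFC2307bis, so
# the entry can be a groupOfNames whose members are full DNs. This needs an
# RFC2307bis schema loaded in place of the stock nis.schema, where
# posixGroup is structural and cannot be combined with groupOfNames.
#
#   dn: cn=admins,ou=groups,dc=feedbackplusinc,dc=com
#   objectClass: groupOfNames
#   objectClass: posixGroup
#   cn: admins
#   gidNumber: 5000                    (constructed value)
#   member: uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com
#   member: uid=lburton,ou=users,dc=feedbackplusinc,dc=com
#
# Before (RFC2307): the group lists "memberUid: jhaltom", a bare login name
# that the ACL engine cannot match against the bound DN.
#
# After: the ACL refers to the group by DN. "group=" checks the bound DN
# against the "member" attribute of a groupOfNames entry by default.

access to *
        by group="cn=admins,ou=groups,dc=feedbackplusinc,dc=com" write
        by users read
        by anonymous auth
```

Adding or removing an administrator then means editing the `member` values of the group entry; slapd.conf stays unchanged.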