Re: Strange ACL request
--On Wednesday, April 16, 2003 6:42 PM -0500 Jerry Haltom
<wasabi@larvalstage.net> wrote:
> Would it be possible to assign an ACL by member of group in LDAP?
> This seems hard to explain
>
> gid=admins,ou=groups,dc=feedbackplusinc,com
> memberUid: jhaltom
> memberUid: lburton
>
> I would want both uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com as well
> as the same with lburton to have higher permissions. I don't want to
> specify these users specifically in the slapd.conf.
>
> I was wondering if this kind of regular expression, substitution,
> whatever, is possible in an OpenLDAP 2.1 ACL?

Yes, although lburton would simply be in an ACL group with higher
permissions, not in both locations.
We use that right now @ Stanford for our ldapAdmins group.
Something like:

dn: cn=admins,ou=groups,dc=feedbackplusinc,dc=com
objectClass: groupOfNames
cn: admins
member: uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com
# <other ldapadmin members>

Then in your slapd.ACL file:

access to *
    by group.base="cn=admins,ou=groups,dc=feedbackplusinc,dc=com" read
    by * break

--Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
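
Added example, not part of the original post: the question's group lists bare memberUid values, while the groupOfNames entry in the reply lists full member DNs, so this sketch converts one into the other and escapes each uid so that it cannot change the DN that ends up in the ACL group. It assumes every user lives at uid=<memberUid> under ou=users as in the thread; the function names are hypothetical.

```python
import base64

USER_BASE = "ou=users,dc=feedbackplusinc,dc=com"    # from the thread
GROUP_DN = "cn=admins,ou=groups,dc=feedbackplusinc,dc=com"

# Constructed sample: the memberUid values from the question.
SAMPLE = "memberUid: jhaltom\nmemberUid: lburton\n"

def escape_rdn_value(value):
    """Escape a value for use inside a DN, per RFC 4514."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def member_uids(ldif_text):
    """Return the distinct memberUid values, in order of appearance."""
    uids = []
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "memberuid":
            continue
        if value.startswith(":"):            # "memberUid:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        uid = value.strip()
        if uid and uid not in uids:
            uids.append(uid)
    return uids

def group_of_names_ldif(uids, group_dn=GROUP_DN, cn="admins", user_base=USER_BASE):
    """Build the groupOfNames entry; 'member' is mandatory in that class."""
    if not uids:
        raise ValueError("groupOfNames needs at least one member value")
    lines = ["dn: " + group_dn, "objectClass: groupOfNames", "cn: " + cn]
    for uid in uids:
        if not uid.isascii():
            raise ValueError("non-ASCII uid needs base64 LDIF encoding: %r" % uid)
        lines.append("member: uid=%s,%s" % (escape_rdn_value(uid), user_base))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(group_of_names_ldif(member_uids(SAMPLE)), end="")
```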