
Re: "Roles" in OpenLDAP?



Hi,

Bela Kovac <wizard@uni-paderborn.de> writes:

> Hi there,
>
> I've been looking for some way to implement Roles into my LDAP-tree,
> for simplified use in my ACLs. As I found, there is no problem
> generating a static group (objectClass: groupOfNames,
> groupOfUniqueNames) and filling it explicitly with members. So when I
> add a new user into my LDAP and I want him to be in the group I have
> to make two LDAP calls, one to insert the user and one other to add
> this new user to the group. This way I might be running into problems
> when data becomes inconsistent.
>
> So I looked for dynamic groups or roles, where membership (in a group)
> is resolved by looking for a specific attribute (and a specific value)
> in the user's entry. I found some threads regarding this topic, but I
> didn't find a clear solution.
[...]

With OpenLDAP-2.2.x you may compile with the flag --with-dyngroup and
search the docs for dynamic group overlay.

-Dieter 

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
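
As an added illustration (not part of the original messages and not taken from the OpenLDAP documentation): a slapd.conf fragment that uses a dynamic group as a role in an ACL and locks down the attribute that confers the role. The DNs, the use of employeeType as the role attribute, the role name and the schema path are assumptions; check slapd.access(5) for the exact syntax your version accepts.

```conf
# Added example; every DN and value below is constructed.
# groupOfURLs and memberURL come from dyngroup.schema (path is an assumption).
include /etc/openldap/schema/dyngroup.schema

# The role is one entry whose membership is a search, not a member list:
#
#   dn: cn=helpdesk,ou=roles,dc=example,dc=com
#   objectClass: groupOfURLs
#   cn: helpdesk
#   memberURL: ldap:///ou=people,dc=example,dc=com??sub?(employeeType=helpdesk)
#
# A user joins the role in the same write that creates the entry, by
# carrying employeeType: helpdesk, so there is no second call to forget.

# The attribute that grants the role must not be self-writable, or any
# user could add themselves to the role. Rules are evaluated in order,
# so this one has to come before any broader rule on ou=people.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=employeeType
    by dn.exact="cn=admin,dc=example,dc=com" write
    by users read
    by * none

# The role entry itself is just as sensitive: changing memberURL
# changes who is in the role.
access to dn.subtree="ou=roles,dc=example,dc=com"
    by dn.exact="cn=admin,dc=example,dc=com" write
    by users read
    by * none

# Use the role: members of the dynamic group may reset passwords.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=userPassword
    by group/groupOfURLs/memberURL.exact="cn=helpdesk,ou=roles,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none
```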