[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Another approach to a previous question
=)
Previously I asked if there was a way to limit searches to exact
matches... so for instance you could search for
printer-name=blar,ou=private,ou=printers,dc=ncsu,dc=edu but could not
search through ou=private,ou=printers,dc=ncsu=dc=edu... and the answer was
no. =)
For a different approach to this issue, I already have a tree called
ou=hosts,dc=ncsu,dc=edu. This has host specific "configuration" type
information. Currently, it only has what groups are allowed and not
allowed into the machine. I was going to add printers to this, so you can
assign printers based off their entry in LDAP. So lets pretend I have an
entry called:
cn=skippy.unity.ncsu.edu,ou=hosts,dc=ncsu,dc=edu
and it has:
ncsuAssignedPrinter: dhl-2413-1
ncsuAssignedPrinter: dhl-2413-2
ncsuAssignedPrinter: dhl-2413-color1
ncsuAssignedPrinter: dhl-2413-private-printer
Is there any way I could limit access to the private printer tree based
off that? In other words, "unless you are coming from skippy, you don't
get to see the entry for dhl-2413-private-printer" in
ou=private,ou=printers,dc=ncsu,dc=edu. Something like:
access to dn.regex="printer-name=(.*),ou=private,ou=printers,dc=ncsu,dc=edu
by (host, where host has $1 listed in it's ncsuAssignedPrinter)
?
Daniel
--
/\\\----------------------------------------------------------------------///\
\ \\\ Daniel Henninger http://www.vorpalcloud.org/ /// /
\_\\\ North Carolina State University - Systems Programmer ///_/
\\\ Information Technology <IT> ///
"""--------------------------------------------------------------"""