[Date Prev][Date Next] [Chronological] [Thread] [Top]

Another approach to a previous question



=)

Previously I asked if there was a way to limit searches to exact matches... so for instance you could search for printer-name=blar,ou=private,ou=printers,dc=ncsu,dc=edu but could not search through ou=private,ou=printers,dc=ncsu=dc=edu... and the answer was no. =)

For a different approach to this issue, I already have a tree called ou=hosts,dc=ncsu,dc=edu. This has host specific "configuration" type information. Currently, it only has what groups are allowed and not allowed into the machine. I was going to add printers to this, so you can assign printers based off their entry in LDAP. So lets pretend I have an entry called:
cn=skippy.unity.ncsu.edu,ou=hosts,dc=ncsu,dc=edu
and it has:
ncsuAssignedPrinter: dhl-2413-1
ncsuAssignedPrinter: dhl-2413-2
ncsuAssignedPrinter: dhl-2413-color1
ncsuAssignedPrinter: dhl-2413-private-printer


Is there any way I could limit access to the private printer tree based off that? In other words, "unless you are coming from skippy, you don't get to see the entry for dhl-2413-private-printer" in ou=private,ou=printers,dc=ncsu,dc=edu. Something like:

access to dn.regex="printer-name=(.*),ou=private,ou=printers,dc=ncsu,dc=edu
	by (host, where host has $1 listed in it's ncsuAssignedPrinter)

?

Daniel

--
/\\\----------------------------------------------------------------------///\
\ \\\      Daniel Henninger           http://www.vorpalcloud.org/        /// /
 \_\\\      North Carolina State University - Systems Programmer        ///_/
    \\\                   Information Technology <IT>                  ///
     """--------------------------------------------------------------"""