Crazy ldap attribute release policy
Hello everyone,

I'm trying to write a super weird ACL or looking for a better way to handle the following problem:

Our UNIX systems query OpenLDAP to get gidNumber for people logging in. One such gidNumber puts a person in the sysadmin group, but people aren't admins of all the servers, so that gidNumber should only be released to certain servers.

Currently, the lookup is done with a SASL bind and a DN specific to each machine. So, should I (and can I) make an ACL that says "in the cn=accounts branch, release all attributes but only release gidNumber=100 if the person asking is dn=omega."??

*OR* is there a better way to go about this?
--
DK