Re: ACL construction : by group
- To: f.goetz@hs-mannheim.de
- Subject: Re: ACL construction : by group
- From: Andreas Hasenack <panlinux@gmail.com>
- Date: Thu, 8 Oct 2009 15:54:16 -0300
- Cc: openldap-technical@openldap.org
- In-reply-to: <200910081706.30730.f.goetz@hs-mannheim.de>
- References: <200910081706.30730.f.goetz@hs-mannheim.de>
On Thu, Oct 8, 2009 at 12:06, Florian Götz <f.goetz@hs-mannheim.de> wrote:
> access to dn.subtree="ou=Groups,dc=example,dc=de"
> by group="cn=Domain Admins,ou=groups,dc=example,dc=de" write

The "by group" ACL requires the members to be DNs.

> Is there a possibility to use the existing "Domain Admins" group for user
> authentication, even if there are only memberUids stored and not complete dn?

You can use sets, at the expense of some performance (I don't know how
large of a performance penalty, though).

See the examples in the admin guide:
http://www.openldap.org/doc/admin24/access-control.html#Group%20ACLs%20without%20DN%20syntax
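
An added illustration, not part of the original message: the quoted ACL rewritten as a set-based rule in slapd.conf syntax. It assumes each user entry carries a `uid` attribute whose value matches the `memberUid` values stored in the group.

```conf
# Added example, not from the original thread.
# Assumption: each user entry has a uid attribute equal to its memberUid
# value in the group (the usual posixAccount/posixGroup layout).

# Does not match: "by group" expects DN-valued members, and this group
# holds only memberUid values.
#access to dn.subtree="ou=Groups,dc=example,dc=de"
#    by group="cn=Domain Admins,ou=groups,dc=example,dc=de" write

# Set form: grants write when the memberUid values of the group intersect
# the uid of the bound user.
access to dn.subtree="ou=Groups,dc=example,dc=de"
    by set="[cn=Domain Admins,ou=groups,dc=example,dc=de]/memberUid & user/uid" write
```

Because the match is on a string value rather than a DN, the rule is only as trustworthy as the uniqueness of `uid` across the directory and the restrictions on who may write `uid` and `memberUid`.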