[Date Prev][Date Next] [Chronological] [Thread] [Top]

Howto implement RBAC with OU's and posixGroups

To: openldap-technical@openldap.org
Subject: Howto implement RBAC with OU's and posixGroups
From: Fred van Zwieten <fvzwieten@gmail.com>
Date: Wed, 22 Feb 2012 10:22:55 +0100
Authentication-results: mr.google.com; spf=pass (google.com: domain of fvzwieten@gmail.com designates 10.50.208.1 as permitted sender) smtp.mail=fvzwieten@gmail.com; dkim=pass header.i=fvzwieten@gmail.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=/QbrQ2SFay2tyRGQ/5Rj2s6tki26Id/IhlQ+8ZLjVH0=; b=cue5B4+dcKHYLizubFfPYOVGydBXgfU6ytCd8LgWyDwqAOl1O1JMwYBG9VsWAp+o2I Jt0KzqSWcJJ9FWqFZ+A2tSt1Iyq+f4zuTuuyDeTZP1SgQtGehotBaGxYghtfTUHS4OL0 mFvh4OpUNObnlHlS4l8TmvCo1N0A3v56LL5os=

Hi all,

warning: openldap newbie..

is it possible to have a person put into an OU and, because of this, will become member of some group in such a way that this group shows up in linux using "id". This to implement some form of RBAC. I found GroupofMembers, but that has nothing to do with OU's. Also, it seems posixGroup and groupOfMembers objecttypes are no longer allowed together because the are both STRUCTURAL.

In AD this is possible.

Greetz,

Fred

Follow-Ups:
- Re: Howto implement RBAC with OU's and posixGroups
  - From: llg <llg@portaildulibre.fr>

Prev by Date: daemon: bind(6) failed errno=98 (Address,already in use)
Next by Date: Re: daemon: bind(6) failed errno=98 (Address,already in use)
Index(es):
- Chronological
- Thread