Re: Using LDAP how to restrict users to certain applications only



--On Tuesday, May 07, 2013 11:11 AM +0530 "Geo P.C." <pcgeopc@gmail.com> wrote:



Please let me know, is it possible to implement this idea? Also please
let me know your thoughts.

It is trivial as long as your application has an application-specific bind DN. If it does, then you can restrict this via ACLs on the server side. For example:

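# dn.children covers the user entries below ou=users
# (dn.base would match only the ou=users entry itself).
access to dn.children="ou=users,dc=example,dc=com"
    filter="(myServiceAttr=zabbix)"
    attrs=uid,<other attrs>
    by dn.exact="cn=zabbix,cn=applications,dc=example,dc=com" read
    by * break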

Each user entry would need to have "myServiceAttr" values that listed the service(s) they had access to (such as zabbix).

--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
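
The following is an added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd walks ACL clauses of the shape shown above, so the effect of the filter, the target scope and "by * break" can be checked on sample data. The entries, the second application "wiki" and all function names are constructed for illustration, and only the equality filter and the base/children scopes are modelled.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# All DNs and entries below are constructed sample data.
BASE = "ou=users,dc=example,dc=com"
ZABBIX = "cn=zabbix,cn=applications,dc=example,dc=com"
WIKI = "cn=wiki,cn=applications,dc=example,dc=com"  # hypothetical second app

ENTRIES = {
    BASE: {"ou": ["users"]},
    "uid=alice," + BASE: {"uid": ["alice"], "myServiceAttr": ["zabbix", "wiki"]},
    "uid=bob," + BASE: {"uid": ["bob"], "myServiceAttr": ["wiki"]},
    "uid=carol," + BASE: {"uid": ["carol"]},
}

def in_scope(dn, style, base):
    dn, base = dn.lower(), base.lower()
    if style == "base":        # only the named entry itself
        return dn == base
    if style == "children":    # everything below it, excluding the entry itself
        return dn != base and dn.endswith("," + base)
    raise ValueError(style)

def make_acl(style, service, app_dn):
    """access to dn.<style>=BASE filter=(myServiceAttr=<service>) attrs=uid
       by dn.exact=<app_dn> read  by * break"""
    return {"style": style, "service": service, "attrs": {"uid"},
            "by": [(app_dn.lower(), "read", "stop"), ("*", None, "break")]}

def can_read(acls, bind_dn, dn, attr):
    entry = ENTRIES[dn]
    for acl in acls:                       # clauses are checked in order
        if not (in_scope(dn, acl["style"], BASE)
                and acl["service"] in entry.get("myServiceAttr", [])
                and attr in acl["attrs"]):
            continue                       # <what> does not match this target
        for who, level, control in acl["by"]:
            if who in ("*", bind_dn.lower()):
                if control == "break":
                    break                  # fall through to the next clause
                return level == "read"
    return False                           # nothing granted access: deny

def visible_uids(acls, bind_dn):
    """uids the given bind DN can read, i.e. the users that application can find."""
    return sorted(e["uid"][0] for dn, e in ENTRIES.items()
                  if "uid" in e and can_read(acls, bind_dn, dn, "uid"))
```

With one clause per application, the zabbix bind DN finds only alice, the wiki bind DN finds alice and bob, and a clause scoped with dn.base finds no users at all.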