
Re: Help: LDAP using alias to reference value of another attribute



--On Friday, April 10, 2015 5:02 PM +0400 Poul Etto <zepouletto@gmail.com> wrote:







Hi,

Thank you for the answers...

Michael: We didn't know about it... We need such a structure as each of
our employees has an account but does not always have access to all our
services (and there really are many), so we preferred splitting everything
in different OUs.

That's very poor design.

Quanah: To be honest, we have no LDAP expert in our technical team, so if
you have some time to explain how to set it up in a good way, we would be
very glad.

The most trivial way to do it is to create an AUX objectClass that has an attribute that tracks which services an employee has access to, and then simply configure things to use that attribute when allowing access to a system.

# companyOID below stands in for the OID assigned to this attribute.
olcAttributeTypes: ( companyOID
 NAME ( 'myCompanyServices' )
 DESC 'services an employee has access to'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 EQUALITY caseIgnoreMatch)

# The first myCustomObject below stands in for the object class's OID.
olcObjectClasses: ( myCustomObject
 NAME 'myCustomObject'
 DESC 'Custom object for my company'
 SUP top AUXILIARY
 MAY (
   myCompanyServices
 )
)

Then add that AUX OC onto any account.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
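
Added example, not part of the original message: one way a service could "use that attribute when allowing access" is to put myCompanyServices into its LDAP login filter, so the lookup only returns accounts that list the service. The uid naming attribute, the DNs, the user names and the service names are assumptions made for this sketch; may_access() is a local approximation of the server-side match, and no directory server is contacted.

```python
# Added example; DNs, user names and service names are constructed sample data.

def escape_filter_value(value: str) -> str:
    """Escape a string used as an assertion value in a search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def service_login_filter(uid: str, service: str) -> str:
    """Filter for one service: matches the account only if it lists that service."""
    return '(&(uid=%s)(objectClass=myCustomObject)(myCompanyServices=%s))' % (
        escape_filter_value(uid), escape_filter_value(service))

def grant_ldif(dn: str, service: str) -> str:
    """LDIF for ldapmodify: add the AUX class and one service to an existing account.
    Assumes the account does not carry myCustomObject yet and that dn and service
    are plain ASCII without leading or trailing spaces (no base64 encoding needed)."""
    if any(c in s for s in (dn, service) for c in '\r\n'):
        raise ValueError('line breaks are not allowed in these LDIF values')
    return '\n'.join([
        'dn: ' + dn, 'changetype: modify',
        'add: objectClass', 'objectClass: myCustomObject', '-',
        'add: myCompanyServices', 'myCompanyServices: ' + service, ''])

def _norm(value: str) -> str:
    # Approximation of caseIgnoreMatch: ignore case and redundant spaces.
    return ' '.join(value.split()).lower()

def may_access(entry: dict, service: str) -> bool:
    """Local stand-in for the server evaluating the filter's last two terms."""
    has_class = 'mycustomobject' in (c.lower() for c in entry.get('objectClass', []))
    return has_class and any(_norm(v) == _norm(service)
                             for v in entry.get('myCompanyServices', []))

ALICE = {'objectClass': ['inetOrgPerson', 'myCustomObject'],
         'uid': ['alice'], 'myCompanyServices': ['VPN', 'wiki']}
BOB = {'objectClass': ['inetOrgPerson'], 'uid': ['bob']}  # no AUX class, no services

if __name__ == '__main__':
    print(service_login_filter('alice', 'vpn'))
    print(grant_ldif('uid=bob,ou=people,dc=example,dc=com', 'wiki'))
    for name, entry in (('alice', ALICE), ('bob', BOB)):
        print(name, {s: may_access(entry, s) for s in ('vpn', 'wiki', 'mail')})
```

Because the attribute uses caseIgnoreMatch, the stored value "VPN" satisfies a filter asking for "vpn"; an account without the AUX class simply never matches.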