
Re: Help: LDAP using alias to reference value of another attribute



--On Tuesday, April 14, 2015 5:52 PM +0400 Poul Etto <zepouletto@gmail.com> wrote:

There are "u" user accounts on the LDAP server.
We have a number of "s" services that use LDAP to manage user accounts.
Each service has particular attributes.
Each service must be able to access only its information.
Basic services use only the information contained in the standard LDAP
user account.
Advanced services have dedicated OUs with special attributes.

It is important that each service can access in RO (no modification)
only its information.
That's why we made our LDAP as it is in the attached picture.

This is what custom objectClasses and ACLs are for.

Here's an example of a directory set up correctly: <https://itservices.stanford.edu/service/directory/datadefs/accounts>

Where services are tied to the user object, with their own specific attributes. ACLs can be used to restrict what data a given service can retrieve.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
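
An added illustration of the approach in the reply above (not part of the original message, and not the configuration of any site it mentions): a custom auxiliary objectClass for one service, plus ACLs that give that service read-only access to its own attributes. It assumes OpenLDAP slapd with cn=config; the service name, attribute names, DNs, the 1.3.6.1.4.1.99999 OID arc and the database index are all hypothetical placeholders.

```ldif
# Constructed example. Apply with ldapmodify against cn=config.
# 1. Schema: auxiliary class holding the "wiki" service's attributes,
#    added to the existing user entry instead of a separate per-service OU.
#    1.3.6.1.4.1.99999 is a placeholder; use your own registered OID arc.
dn: cn=wikisvc,cn=schema,cn=config
changetype: add
objectClass: olcSchemaConfig
cn: wikisvc
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'wikiRole'
  DESC 'Role of the user in the wiki service'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'wikiQuotaMB'
  DESC 'Upload quota in megabytes'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'wikiAccount'
  DESC 'Wiki service data attached to a user entry'
  SUP top AUXILIARY
  MAY ( wikiRole $ wikiQuotaMB ) )

# 2. ACLs on the database that holds the users. "replace" overwrites the
#    whole ACL list, so merge these rules with any you already rely on
#    (replication, admin groups). Rules are evaluated in order; first match wins.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: bind only, never readable by services.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Wiki attributes: read-only for the wiki service account, hidden from all others.
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com"
  attrs=wikiRole,wikiQuotaMB
  by dn.exact="cn=wiki,ou=services,dc=example,dc=com" read
  by * none
# Standard account attributes: read-only for every service account.
# "entry" is needed so the entries can be returned at all.
olcAccess: {2}to dn.subtree="ou=people,dc=example,dc=com"
  attrs=entry,objectClass,uid,cn,mail
  by dn.children="ou=services,dc=example,dc=com" read
  by * none
# Everything else: no access.
olcAccess: {3}to *
  by * none
```

Each additional service gets its own auxiliary class and its own copy of rule {1} naming its bind DN; no rule grants `write`, so services stay read-only.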