grouping - OpenLDAP : ACL : Allow users to manager their own groups -

-

I need your advice on the LDAP structure and associated ACL.

Our LDAP 10 (Numbers may vary) Organization that includes users (total 250 users) I want 1 user to manage all users of my organization. Users will also be attached to custom groups

What is the best LDAP structure for this?

My first thoughts are: Group: 

  dn: cn = manager, ou = roles, ou = group class: posixgroup class: top cn: manager gidNumber: 10100 MemberUd: user1 memberUid: user3 dn: cn = Structure1, ou = structures, ou = group class: posixGroup cn: Structure1 gidNumber: 10000 Description: Structure1 memberUid: user1 memberUid: user2 dn: cn = Structure2, ou = structures, ou = group Class: posixGroup cn: Structure2 gidNumber: 10001 Description: Structure2 memberUid: memberUid user3: user4   
 user1 user user2 should be allowed to edit, but not user3 or u Ser4 user3 should be allowed to edit user1 but not user2  
 I actually stuck on ACL because I would like to do something like a group of entries using the ACL set method to the user I did not: / p> 
  {1} from dn.children = "ou = users" to set = "[cn =] + this / groups + [, ou = structures, ou] = group] / memberUid & amp; ; User / uid "write * read   
 if I am able to use better groupOfNames than posixGroup  
 I Only read:  
  •  
  •   
  •    
     Thank you for guiding me in the right direction for your help   
     
     
     My contribution is an option to solve this situation. I know it's been a while, but I hope someone will help it. - Both groupfamas or organizational changes (previous support group) require DN as a member. OrganizationalRole olcMemberOfMemberAD: roleOccupant olcMemberOfMemberOfAD: Enable olcMemberOfGroupOC to enable groups ("Group - memberof overlay, userof operational feature on user (on any attribute in this user entry, list of groups where user is a member)" in user Is the current operational feature)  
       
    •   According to the original verbs, where both actions are executed and you ensure that the user The properties of operations are the values ​​of the group, here are 2 scenarios:  
         
      •  The first scenario - User1 is allowed to write user3, ou = Users because they are cn = manager, or = roles, Group  
      •  2 Scenario - To write user1 user2, where = Users are allowed as they come under cn = Structure1, ou = structures, ou = group     set by 
         
         type "this / group and user / group"  
          write this ALC The same group of Numti returns when both users (Revised and modifiers), the ACL writing privileges set will Ges. Get the value of the "user / group" modifier group attribute = CN = manager, or =  user = user1, or = user  
          
      •  Roles, or = group - cn = structure 1, or = structures, o = group.  
      •  
         This = Users 3, or = Users  
         "This / group" receives the values ​​of the modified object group attribute.  cn = manager, or = roles, ou = group  and cn = structure 2, or = structures, or = group   
      •  
         this = user2, ou = User  
         Get the value of the "Object / Group" modified object group attribute = CN = manager, or = roles, ou = group and  CN = structure1, or = structures, ou = group < / Strong>    
         I hope that this question and openldap like a few days ago would be useful for anyone who struggled with ACL.  
         Best regards!

    • Comments

    Post a Comment

    Popular posts from this blog

    python - Writing Greek in matplotlib labels, titles -

    -
    Image
    I'm trying to write some text for labels, shape titles etc. with my plots, but no benefit till now Has not happened . I do not want to print specific characters (I know how to use special characters), I want to write the entire text in Greek (maybe Unicode and text ' ?). , suggesting that I would like to mention that for some reason I can not get matplotlib to cooperate with Tex (using IPython notebook from Anaconda in Ubuntu 14.10) so that there really is an option Will not be the first. I tried loading the Arial font and it loads successfully but again I get square blocks instead of characters. I import matplotlib.font_manager FM PROP = FM Font Properties (fname = '/ usr / share / fonts / truetype / msttcorefonts / Arial.ttf') And then to display the string I u'Î? ? I ?? Î¿Ï ?? ÎμÎ »second ?? μΠ± i ?? I ± i ?? I ?? Used ο किया? ? Î¿Î¼Î¿Î¯Ï ?? I ?? I · I ?? ' . Ariel is considered to be fully presented to Greek and I have used it many times ...
    Read more

    c# - LINQ to Entities does not recognize the method 'Int32 IndexOf(System.String, System.StringComparison)' method -

    -
    I have performed a linq query using Entityframework as below GroupMaster getGroup = Null; GetGroup = DataContext.Groups.FirstOrDefault (item = & gt; keyword.IndexOf (item.Keywords, StringComparison.OrdinalIgnoreCase)> = 0 & amp; amp; item.ISNAmd) I found an exception like the method when executing it LINQ units do not recognize the 'Inter 32 index of (system string, system. String compromise)' method, and This method can not be translated to Store expression. Includes () method is sensitive by default, then I need to convert to minimize. Is there any method in which a string match match is examined and whether there is any method to solve the index question of the method? You actually have four options Databases globally Change the colon of it can be done in many ways, a simple Google search should reveal to them. Change the mix of individual tables or columns. Use a stored procedure and specify the call statement on your query Perform...
    Read more

    Pygame memory leak with transform.flip -

    -
    Today I came across an interesting issue which, by writing a small side scroller, instead of a sprite sheet, I was planning to use because I lacked a good "packer" for making phantom sheets (and honestly with patience and passion as it is only a test project). Anyway, I showed the animation running on the right of 8 PNG (with transparency). I considered it a good idea to prepare the flipped images to run on the left in the consultant, and the frame is not framed when the game is running (Flip actually consumes a lot of CPU like I Was measured). > To get access to the loop, I get the memory leak self.move_l = [# 8 PNG images with transparency to the right] For the self in IMG. Move_l: self.move_r.append (pygame.transform.flip (img, true, false) error traceback: traceback (most recent Call final): The file "D: \ Python 34 \ _Projects \ efg \ efg.py", in line 196, in the & lt; module & gt; main = master program ((1024, 680)) "D: \ Python ...
    Read more