grouping - OpenLDAP : ACL : Allow users to manager their own groups -

-

I need your advice on the LDAP structure and associated ACL.

Our LDAP 10 (Numbers may vary) Organization that includes users (total 250 users) I want 1 user to manage all users of my organization. Users will also be attached to custom groups

What is the best LDAP structure for this?

My first thoughts are: Group: 

  dn: cn = manager, ou = roles, ou = group class: posixgroup class: top cn: manager gidNumber: 10100 MemberUd: user1 memberUid: user3 dn: cn = Structure1, ou = structures, ou = group class: posixGroup cn: Structure1 gidNumber: 10000 Description: Structure1 memberUid: user1 memberUid: user2 dn: cn = Structure2, ou = structures, ou = group Class: posixGroup cn: Structure2 gidNumber: 10001 Description: Structure2 memberUid: memberUid user3: user4   
 user1 user user2 should be allowed to edit, but not user3 or u Ser4 user3 should be allowed to edit user1 but not user2  
 I actually stuck on ACL because I would like to do something like a group of entries using the ACL set method to the user I did not: / p> 
  {1} from dn.children = "ou = users" to set = "[cn =] + this / groups + [, ou = structures, ou] = group] / memberUid & amp; ; User / uid "write * read   
 if I am able to use better groupOfNames than posixGroup  
 I Only read:  
  •  
  •   
  •    
     Thank you for guiding me in the right direction for your help   
     
     
     My contribution is an option to solve this situation. I know it's been a while, but I hope someone will help it. - Both groupfamas or organizational changes (previous support group) require DN as a member. OrganizationalRole olcMemberOfMemberAD: roleOccupant olcMemberOfMemberOfAD: Enable olcMemberOfGroupOC to enable groups ("Group - memberof overlay, userof operational feature on user (on any attribute in this user entry, list of groups where user is a member)" in user Is the current operational feature)  
       
    •   According to the original verbs, where both actions are executed and you ensure that the user The properties of operations are the values ​​of the group, here are 2 scenarios:  
         
      •  The first scenario - User1 is allowed to write user3, ou = Users because they are cn = manager, or = roles, Group  
      •  2 Scenario - To write user1 user2, where = Users are allowed as they come under cn = Structure1, ou = structures, ou = group     set by 
         
         type "this / group and user / group"  
          write this ALC The same group of Numti returns when both users (Revised and modifiers), the ACL writing privileges set will Ges. Get the value of the "user / group" modifier group attribute = CN = manager, or =  user = user1, or = user  
          
      •  Roles, or = group - cn = structure 1, or = structures, o = group.  
      •  
         This = Users 3, or = Users  
         "This / group" receives the values ​​of the modified object group attribute.  cn = manager, or = roles, ou = group  and cn = structure 2, or = structures, or = group   
      •  
         this = user2, ou = User  
         Get the value of the "Object / Group" modified object group attribute = CN = manager, or = roles, ou = group and  CN = structure1, or = structures, ou = group < / Strong>    
         I hope that this question and openldap like a few days ago would be useful for anyone who struggled with ACL.  
         Best regards!

    • Comments

    Post a Comment

    Popular posts from this blog

    Pass DB Connection parameters to a Kettle a.k.a PDI table Input step dynamically from Excel -

    -
    Image
    I have a requirement whenever I run my own kettle, dynamically took database connection parameters from an excel source Every run should go. I have an Excel column names: hostname, username, database, password. I want to pass these connection parameters to my table input stage dynamically whenever it runs the job. This is what I was trying to do. You can get it Connection parameters from the DB reading source (for example Excel or a CSV file in my example) < / Li> Store the parameters in the variable Using the variable in your connection's settings. Setting Variables Create another conversion for (you can not do it in the same conversion Uses): set variables element variable: The element that reads / writes your data creates a new connection and sets the connection parameter using $ {variable name_} Note that you will need to type in the field field in the field $ {password} Also keep in mind that this can be a security problem as the
    Read more

    multithreading - PhantomJS-Node in a for Loop -

    -
    I am trying to implement a screen-scraps application that opens a URL in which a parameter changes as it is for a loop: var data = [ '100', '101', '102', '103', '104']; (Var indexA = 0; indexA & lt; data.length; indexA ++) for {Phantom Generation ({'port': freeport}, function (pH) {ph.create page (function (page) {page.open ("http: //...++ data [index B] +" ... " , Status {console.log ("open site:" + data [index B], position); / * OLD * / indexB ++; page evaluation (function () {// page scrape and an object Return}, function {console.log (result.dataRequest); // here is the problem}); / * new and fixed * / indexB ++} first console Logs it: Open Site: 100 Success Opens Site: 101 Success B Ola Site: 102 Success Opening Site: 103 Success Opened Site: 104 Success Which is good. Data is verified in scrap HTML and from index to array Matches. So in page 101 I scrap '101 and retrieve' and pu
    Read more

    c++ - MATLAB .m file to .mex file using Matlab Compiler -

    -
    I know that it can speak as a very famous topic, but something that helps me with it Not found This scenario is: I have my functions function, no matter what's inside, it's a generic function that may depend on other toolboxes. Does. Has input and output; I want to generate the same myFun.mex function; : Lib myFun This way I get some new files: libmyfun.c libmyfun.dll Libmyfun.exp libmyfun.exports libmyfun .h libmyfun.lib Reading around and I think that Creating a myfun.cpp that is very famous is included: / * gateway function * / zero max function (ent NLHS, MXARRA * PLS [], int NRHS, CONST M Xeray * PHS []) Here is the Variable Deals * / / * code here * /} I have tried to do this and are called Regular of Max Generation: Max ('- v', 'myfun.cpp') But I get many errors, and I should say that my myfun.cpp copy / Paste Function is where I have a lot of doubts ... especially on input / output management. My q
    Read more