----- Wilhelm Meier wilhelm.meier@fh-kl.de wrote:
Hi,
I think this is a relatively simple question but I did not use the meta/ldap-backend before.
We have an openldap-server for user authentication. The users bind as
uid=<user>,ou=Benutzer,dc=kmux,dc=de
where <user> is the actual username.
We have a different application where only users of a special posixGroup "Archiv" should be valid. The application is not capable of doing some sort of filtering.
So, I thought it must be possible to do this filtering with the meta or ldap-backup using the original ldap-db:
the filter should look like:
(&(cn=Archiv)(memberUid=<user>)(objectClass=posixGroup))
where <user> is the username as above.
Is the application binding? If it is, you can restrict what data its identity can access using ACLs (see the "filter" form of the <what> part of ACLs in slapd.access(5)).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------
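
Added example, not part of the original messages and not OpenLDAP code: the membership filter from the question, built with <user> escaped per RFC 4515 so a supplied name can only ever be a literal memberUid value, and evaluated against sample group entries. The function names and the entries (alice, bob, carol, group Staff) are constructed for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
CASE_EXACT = {"memberuid"}  # memberUid uses caseExactIA5Match (RFC 2307)

def escape_value(value):
    """Escape <user> so it can only ever be a literal assertion value."""
    return "".join(_ESC.get(ch, ch) for ch in value)

def archiv_filter(user):
    """The filter from the question with <user> substituted safely."""
    return "(&(cn=Archiv)(memberUid=%s)(objectClass=posixGroup))" % escape_value(user)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_and_filter(flt):
    """Parse an AND of equality terms, the only filter shape used here."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()*]*\))+)\)", flt)
    if not m:
        raise ValueError("unsupported filter: " + flt)
    terms = re.findall(r"\(([^()=]+)=([^()*]*)\)", m.group(1))
    return [(attr.lower(), _unescape(val)) for attr, val in terms]

def matches(entry, flt):
    """True if every equality term of flt is satisfied by entry."""
    for attr, want in parse_and_filter(flt):
        values = entry.get(attr, [])
        if attr not in CASE_EXACT:
            values, want = [v.lower() for v in values], want.lower()
        if want not in values:
            return False
    return True

# Constructed sample entries; attribute names are lower-cased for lookup.
GROUPS = [
    {"cn": ["Archiv"], "objectclass": ["posixGroup"], "memberuid": ["alice", "bob"]},
    {"cn": ["Staff"], "objectclass": ["posixGroup"], "memberuid": ["carol"]},
]

def in_archiv(user):
    return any(matches(group, archiv_filter(user)) for group in GROUPS)

if __name__ == "__main__":
    for user in ("alice", "carol", "*", "x)(cn=Staff"):
        print("%-12s -> %s" % (user, in_archiv(user)))
```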