Group based ACLS

20 May 2010


      I have been reading http://www.openldap.org/doc/admin24/access-control.html and am evry interested in how sets can be applied to controlling ACLs. In the examples shown, all the relationships are tied to the user having an attribute such as a manager etc, but i would like to do this in reverse so that an account, lets say Admin, can only modify users that have an entry in a group such as
cn=Group,dc=example
memberUid: testuser
uid=testuser,dc=example
uid=someuser,dc=example
In this case Admin would be able to modify testuser, but not someuser. Is this possible, or do i need to enforce membership on the user as well such that
uid=testuser,dc=example
memberOf: group
William

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Group based ACLS