I've tried your idea. It worked well with groupOfNames.
Then I've tried to implement the memberof overlay for a user-specific objectClass:
While adding the ldif, a "unable to find group objectClass=" GroupOfPermissions
The objectClass is available on the server and is a self-created objectClass.
Do I have to include some paths to announce the objectClass?
From: Dieter Klünter [mailto:firstname.lastname@example.org]
Sent: Friday, 28 August 2015 09:36
To: Fischer, Johannes
Subject: Re: Permission management with LDAP
On Fri, 28 Aug 2015 06:06:06 +0000,
"Fischer, Johannes" <johannes.fischer(a)ipa.fraunhofer.de> wrote:
I didn't want to do a thread hijacking, so here is a second mail with a
completely different question.
If I have a structure like:
Now I want to get the authorization for some permission, so I have the
information which user and which Permission. Now I need to match the
list. The way it already works:
Get all Roles for a Permission
Search in the user for the Role
If found Authorization
Else no
Therefore I need at least two requests to the LDAP server.
For this sort of task I use slapo-memberof(5) and a proper filter.
Something like (&(uid=$1)(memberOf=myGroup))
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B
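
Added example, not part of the thread and not code from either correspondent: the single-search check (&(uid=$1)(memberOf=myGroup)) built with RFC 4515 escaping, so a uid containing filter metacharacters is matched literally instead of changing the filter. The group DN, the sample entries and the small offline matcher standing in for the server are constructed assumptions.

```python
import re

# RFC 4515: these characters must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape untrusted text for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def authz_filter(uid, group_dn):
    """One-search check: the entry has this uid AND this memberOf value."""
    return "(&(uid=%s)(memberOf=%s))" % (
        escape_filter_value(uid), escape_filter_value(group_dn))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str, entry):
    """Evaluate an AND of equality terms (the only shape built above) on one
    entry. Offline stand-in for the server, not a full filter parser."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", filter_str)
    if not m:
        raise ValueError("unsupported filter: " + filter_str)
    for term in re.findall(r"\(([^()]*)\)", m.group(1)):
        attr, _, value = term.partition("=")
        if "*" in value:
            raise ValueError("wildcards are not supported by this stand-in")
        wanted = _unescape(value).lower()
        if wanted not in [v.lower() for v in entry.get(attr, [])]:
            return False
    return True

# Constructed sample data: memberOf is the attribute the overlay maintains.
GROUP = "cn=myGroup,ou=groups,dc=example,dc=org"
ENTRIES = [
    {"uid": ["jdoe"], "memberOf": [GROUP]},
    {"uid": ["asmith"], "memberOf": []},
]

def is_authorized(uid, group_dn, entries=ENTRIES):
    """True if any entry matches the escaped uid + memberOf filter."""
    f = authz_filter(uid, group_dn)
    return any(matches(f, e) for e in entries)
```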