On Wed, 13 Nov 2013 16:11:03 +0100, Denny Fuchs linuxmail@4lin.net wrote:
hi,
I plan the new ACL layout for our Wheezy LDAP server.
Our layout:
Main suffix: dc=example,dc=com
then the first department:
ou=department1,dc=example,dc=com
ou=people,ou=department1,dc=example,dc=com
uid=foobar,ou=people,ou=department1,dc=example,dc=com
[...]
ou=groups,ou=department1,dc=example,dc=com
gid=students,ou=groups,ou=department1,dc=example,dc=com
[...]
ou=roles,ou=department1,dc=example,dc=com
cn=mail,ou=roles,ou=department1,dc=example,dc=com
cn=admins,ou=roles,ou=department1,dc=example,dc=com
ou=services,ou=department1,dc=example,dc=com
ou=mail,ou=services,ou=department1,dc=example,dc=com
cn=aliases,ou=mail,ou=services,ou=department1,dc=example,dc=com
[...]
next department2, the same:
ou=department2,dc=example,dc=com
ou=people,ou=department2,dc=example,dc=com
uid=foobar,ou=people,ou=department2,dc=example,dc=com
[...] [...] ....
completely the same as department1
Now I am stuck on the ACLs. I want to make use of RegEx, so that every department has its own roles, groups and admins and access only to their (for example) services.
[...]
You may want to read
http://www.openldap.org/faq/data/cache/1133.htm
http://www.openldap.org/faq/data/cache/1134.html
-Dieter
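
An added example, not part of the original thread: one per-department rule for the layout in the question, written in slapd.conf ACL syntax. It assumes that cn=admins under each department's ou=roles is a groupOfNames entry listing its members in "member" attributes, which the thread does not state.

```conf
# Added example (not from the thread). Assumption: cn=admins,ou=roles,<dept>
# is a groupOfNames entry whose "member" values are the admins' DNs.
#
# <what>: the ou=services subtree of any department.
#   $1 = optional RDNs below ou=services (e.g. "cn=aliases,ou=mail,")
#   $2 = the department RDN directly under the suffix (e.g. "ou=department1")
access to dn.regex="^(.+,)?ou=services,(ou=[^,]+),dc=example,dc=com$"
    # Admins of the SAME department ($2 is expanded into the group DN).
    by group.expand="cn=admins,ou=roles,$2,dc=example,dc=com" write
    # People of the SAME department may read; $2 is substituted before
    # the pattern is compiled as a regex.
    by dn.regex="^uid=[^,]+,ou=people,$2,dc=example,dc=com$" read
    # Everyone else, including users from other departments.
    by * none

# slapd uses the first "access to" directive whose <what> matches the
# target entry, so this rule must come before any broader rule for
# dc=example,dc=com. Rules granting auth access to userPassword for
# binding are separate and not shown here.
```

Because the department RDN is captured from the target DN and reused in the "by" clauses, the same rule covers department1, department2 and any later department without per-department copies.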