Re: Help: LDAP using alias to reference value of another attribute

Friday, 10 April 2015

--On Friday, April 10, 2015 5:02 PM +0400 Poul Etto <zepouletto(a)gmail.com&gt; 
wrote:

...

 Hi,

 Thank you for answers...

 Michael: We didn't know about it... We need such a structure as each of
 our employees has an account but does not always have access to all our
 services (and there really are many), so we prefered spliting everything
 in different OUs. 
That's very poor design.

...
 Quanah: To be honest, we have no LDAP expert in our technical team,
so if
 you have some time to explain how to set it up in a good way, we would be
 very glad. 
The most trivial way to do it is to create a AUX objectClass that has an 
attribute that tracks which services an employee has access to, and then 
simply configuring things to use that attribute when allowing access to a 
system.

olcAttributeTypes: ( companyOID
  NAME ( 'myCompanyServices' )
  DESC 'services an employee has access to'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  EQUALITY caseIgnoreMatch)

olcObjectClasses: ( myCustomObject
  NAME 'myCustomObject'
  DESC 'Custom object for my company'
  SUP top AUXILIARY
  MAY (
    myCompanyServices $
  )
)

Then add that AUX OC onto any account.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Help: LDAP using alias to reference value of another attribute