--On Friday, April 10, 2015 11:47 PM +0200 Michael Ströder michael@stroeder.com wrote:
Poul Etto wrote:
Thank you for answers...
Michael: We didn't know about it... We need such a structure as each of our employees has an account but does not always have access to all our services (and there really are many), so we prefered spliting everything in different OUs.
You should use group entries for authorization. I'm also using slapo-memberof which automatically adds back link attribute 'memberOf' to group member entries. This gives you best flexibility with most LDAP enabled applications.
Or you can use slapo-dyngroup with the method I laid out, much more effective IMHO.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration