On Wed, 26 Jun 2013 16:46:03 +0000, Mathew Wilson mat.wilson@uci.edu wrote:
Hi, everyone-
I have a puzzle to solve here. We use LDAP for group management in JIRA, and for the most part it works well. However, when trying to add "watchers" to issues, we currently don't have a way to limit this to users who have been defined in LDAP groups. So, that means that the list of watchers is 25000 people long. Add to that the fact that this can possibly impact our licensing. Naturally, JIRA has no way to accomplish this at the moment.
What I need to do is make it so that only users we have defined in groups under a specific OU can be read. I had initially thought to use (memberOf=*), but we have groups under another OU that everyone belongs to. I would like to avoid having to create a special group for this, since membership in any group under our "application" ou implies access to JIRA.
How would you go about this?
There are quite a lot of possible solutions. You may
- create dynamic groups and dynacl
- name some attributes
- design access rules by means of sets

man slapd.access(5) and http://www.openldap.org/faq/data/cache/189.html show lots of examples.
Here are some links on sets:
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.htm
-Dieter
openldap-technical@openldap.org