Re: How do I restrict groups

On 07/09/2013 10:07 PM, Mark Reynolds wrote:
Hi Andy,

What exactly do you mean by "restrict the number of users/groups"?  Like a size limit, or you want to restrict particular users/groups that the client can see?

If you want to restrict particular entries then you should use access control - as long as your client is not binding as the root DN (cn=directory manager):

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control.html


Andy,

I would use "Views" to do so. They are comparable to a filter (without specifying it on the client) but mandatory to authenticate (as you would like to limit the base of what they can see). Therefore you would add some unique identification for your objects (e.g. nsrole: cn=myApplicationName,dc=example,dc=com; of course you can have multiple ones)
then you create an object like

dn: ou=MyView,dc=example,dc=com
objectClass: top
objectClass: nsview
objectClass: organizationalUnit
ou: MyView
nsviewfilter: (nsrole=cn=myApplication,...)

and restrict the DNs your clients use to authenticate against your Directory to this view only ...

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/using-views.html

regards
mIke



Regards,
Mark

On 07/08/2013 06:43 PM, Andy Spooner wrote:

How do I restrict the number of groups or users that an application/service can see?

I have an application that authenticates against 389. I want to restrict the groups that are available to the application.

 

Regards

Andy

 


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

-- 
Mark Reynolds
Red Hat, Inc
mreynolds@xxxxxxxxxx
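
An added example, not part of the original thread or of the 389 project's documentation: an LDIF sketch of the access-control approach Mark describes, granting an application's bind DN read access only to selected groups. The service DN uid=myapp,ou=Services,dc=example,dc=com, the ou=Groups container and the "app-*" group naming convention are assumptions made for illustration.

```ldif
# Constructed example. Apply with ldapmodify while bound as an administrator.
# Assumed names: ou=Groups,dc=example,dc=com holds the group entries,
# uid=myapp,ou=Services,dc=example,dc=com is the DN the application binds as,
# and the groups the application may see are named app-<something>.
#
# The ACI below lets that one bind DN read, search and compare only the
# cn, member and objectClass attributes of group entries whose cn matches
# app-*. Access in 389 is denied unless an ACI allows it, so groups that do
# not match the targetfilter stay invisible to this bind DN as long as no
# other ACI grants access to them.
dn: ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///ou=Groups,dc=example,dc=com")
 (targetfilter = "(cn=app-*)")
 (targetattr = "cn || member || objectClass")
 (version 3.0; acl "myapp reads only its own groups";
  allow (read, search, compare)
  userdn = "ldap:///uid=myapp,ou=Services,dc=example,dc=com";)

# Check the result by searching as the application, not as Directory Manager:
#   ldapsearch -x -D "uid=myapp,ou=Services,dc=example,dc=com" -W \
#       -b "ou=Groups,dc=example,dc=com" "(objectClass=*)" cn
# Only the app-* groups should come back.
```

Allow ACIs are cumulative, so any broader allow ACI already present on the suffix (for example one granting anonymous or all-users read) still exposes the other groups until it is narrowed or removed.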

