On 04/16/2018 05:17 PM, Mariusz Gronczewski wrote:
Hi,
Each of our users have DN like uid=xani,ou=users,dc=root,dc=example,dc=com
There is also group hierarchy with POSIX groups having users as memberUid
I have aci (at the ou=groups):
(targetattr = "*") (targetfilter = (|(memberUid=xani)(ou=groups))) (version 3.0;acl "test auth";allow (read,compare,search)(userdn = "ldap:///anyone";);)
that allows a certain user to see only POSIX groups where they belong by filtering them by (memberUid=xani).
Is it possible to make a filter that would do same but dynamically take current binded user uid in the filter. Basically I'd like to filter by (memberUid=$binded_user_uid), is that possible ?
It should be possible, read about "defining access based on value
matching. Your aci should look something like
....... allow(....) userattr = memberuid#USERDN
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
