Re: Limiting access to same ou

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 26/11/2018 18:59, Olivier JUDITH wrote:

Hi,

I'm using the Redhat documentation on this link
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html-single/plug-in_guide/index
That looks rather complex. It's a real shame that there's no way of limiting users to the same ou using a regular expression ACL. 


Regards
 lun. 26 nov. 2018 à 05:46, Alistair Cunningham <acunningham@xxxxxxxxxxxxx <mailto:acunningham@xxxxxxxxxxxxx>> a écrit : 

    On 25/11/2018 11:44, Olivier JUDITH wrote:
     >  From my point of view , the easiest way to solve this is to set
    a search filter on the OU corresponding to the tenant on each phone.
     > Can you modify the software on the phone ?

    Unfortunately not. The telephone handset firmware is written by various
    third parties, and we have no access to it.

    This would also be insecure. Anyone with the username and password of a
    telephone and who could use an LDAP client such as LDAP search could
    bypass the filter to see all the users in all the tenants (i.e.
    every ou).

     > The other way could be by creating  a 389 plugin that add a
    filter on the good OU regarding the DN of user which make the call
    to the ldap.

    That might be an option. Do you know where I can find documentation on
    how to do this?
-- Alistair Cunningham 
    +1 888 468 3111
    +44 20 799 39 799
    https://enswitch.com/


_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx



--
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
https://enswitch.com/
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux