ACI Design

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm designing new directory for keeping records about our company computers, accounts, etc... I would like to have number of different access levels like support, management, network technician,... Every entry would have multivalued attribute named for example accessclass to determine its access and there would be role for every access level. What is the best way to implement ACIs like "allow access to every entry with attribute accessclass=support for every member of role support"? 
I've found out that there are 3 options:
1) Create separate ACI for each access class
2) Create Macro ACI using something like
roledn = "ldap:///($attr.accessclass),ou=roles,dc=....."
But it seems, that this macro expands to accessclass=support,ou=roles,..
and thus my roles would need to be named using accessclass attribute instead of common name... 
3) Create ACI using userattr like this:
userattr = "accessclass#ROLEDN"
but this would require to have complete role RDN in user accessclass attribute. 

Which way would you suggest?


Radek

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux