-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Brian,
On 17.07.2012 22:09, Brian Riffle wrote: > 1. In the profile editor, I can specify all the customer service > accounts that can login by setting security to "fixed list" and > specifying them, however, that is a bit of a long list, that I > don't want to maintain. Instead, I would like to search my ldap > domain for members of the group > 'cn=cust_support,ou=group,dc=example,dc=com" and allow anyone in > that ldap group to be able to log into the support Profile. I'm > not sure how to structure the ldap filter to make that work. this is not possible via filter because you need some filter attribute in the user account itself. You can try "Reverse Group Membership Maintenance": http://www.openldap.org/doc/admin24/overlays.html > 2. I can make the above work with a fixed list, however, I am > struggling with the OpenLDAP permissions. I have a Centos 6 > server, which uses the > > I have tried making cn=cust_support,ou=group,dc=example,dc=com both > a posixGroup, and a groupOfNames. Both of them, when I go to save > a new users, I get "insufficient access" Try the OpenLDAP mailinglist if you get no response here. ACLs can be *very* tricky... - -- Best regards Roland LDAP Account Manager http://www.ldap-account-manager.org/ Want more? Get LDAP Account Manager Pro! http://www.ldap-account-manager.org/lamcms/lamPro -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAF0DQACgkQq/ywNCsrGZ7tagCeP6jVijKJdosqB9xcm+89L9sw wJ0An2S5v46ZyQt22Mgwkne2NZ48IMeZ =isUY -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
