[EMAIL PROTECTED] wrote:
Hi,
Can I use two lewel of groups for flexible rights sharing to users ?
Example :
dn: cn=test1, ou=grupas, ou=roles, ou=tm
objectClass: groupOfNames
description: 1 testa grupa
member: cn=test2,ou=grupas,ou=roles,ou=tm
cn: test1
dn: cn=test2, ou=grupas, ou=roles, ou=tm
objectClass: groupOfNames
description: 2 testa grupa
cn: test2
member: uid=eiduks,ou=users,ou=tm
dn: uid=eiduks, ou=users, ou=tm
userPassword:: ....
uid: eiduks
objectClass: inetOrgPerson
sn: Eiduks
cn: Andris Eiduks
access to
dn.exact="ou=mnuLinks,ou=mnuAMM,ou=ui,ou=cl,ou=components,ou=tm"
by group="cn=test1,ou=grupas,ou=roles,ou=tm" read
by * none
No, it's not possible; actually, yes, something like that is possible
using dynamic groups (builtin for ACL checking; need slapo-dyngroup(5)
or slapo-dynlist(5) for more general use). You need to use
groupOfURLs/memberURL instead of groupOfNames/member, and each memberURL
must represent a search that selects portions of the members of the
dynamic group.
p.
