----- Wilhelm Meier <[EMAIL PROTECTED]> ha scritto: > Hi, > > I think this is a relative simple question but I did not use the > meta/ldap-backend before. > > We have an openldap-server for user authentification. The user bind as > > uid=<user>,ou=Benutzer,dc=kmux,dc=de > > where <user> is the actual username. > > We have a diffent application where only users of a special > posixGroup "Archiv" should be valid. The application is not capable > of doing some sort of filtering. > > So, I thought it must be passoble to do this filtering with the meta > or ldap-backup using the original ldap-db: > > the filter should look like: > > (&(cn=Archiv)(memberUid=<user>)(objectClass=posixGroup)) > > where <user> is the username as above.
Is the application binding? If it is, you can restrict what data its identity can access using ACLs (see the "filter" form of the <what> part of ACLs in slapd.access(5)). p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: [EMAIL PROTECTED] -----------------------------------
