On Wed, 26 Jun 2013 16:46:03 +0000, Mathew Wilson <[email protected]> wrote:
> Hi, everyone-
>
> I have a puzzle to solve here. We use LDAP for group management in
> JIRA, and for the most part it works well. However, when trying to
> add "watchers" to issues, we currently don't have a way to limit this
> to users who have been defined in LDAP groups. So, that means that
> the list of watchers is 25000 people long. Add to that the fact that
> this can possibly impact our licensing. Naturally, JIRA has no way to
> accomplish this at the moment.
>
> What I need to do is make it so that only users we have defined in
> groups under a specific OU can be read. I had initially thought to
> use (memberOf=*), but we have groups under another OU that everyone
> belongs to. I would like to avoid having to create a special group
> for this, since membership in any group under our "application" ou
> implies access to JIRA.
>
> How would you go about this?

There are quite a lot of possible solutions. You may
- create dynamic groups and dynacl
- name some attributes
- design access rules by means of sets

man slapd.access(5) and http://www.openldap.org/faq/data/cache/189.html
show lots of examples

Here are some links on sets
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.htm

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
