[RCD] Need some advices about feature to improve adressbook from LDAP filters

Julien Gribonvald julien.gribonvald at recia.fr
Wed Dec 5 19:23:58 CET 2012


Thanks for your response,

The things is that we doesn't use LDAP auth but the CAS auth.
After we doesn't permit user auth and access to ldap so I don't think 
that we can use your example if I understood your ldap configuration.

Julien


Le 05/12/2012 19:13, Jeroen van Meeuwen (Kolab Systems) a écrit :
> On 2012-12-05 16:44, Julien Gribonvald wrote:
>> My needs are for the adressbook feature using an LDAP, we would like
>> to do dynamic's filters depending on users attributes obtained at the
>> connection with a LDAP request.
>>
>
> Are you saying that you need, for example, a filter of:
>
>   (&(objectclass=inetorgperson)(location:$branch_office_1))
>
> for somebody that logs in that has an LDAP attribute 'location' set to 
> '$branch_office_1', or something along similar lines?
>
> You may want to consider something along the lines of (OpenLDAP 
> slapd.conf syntax):
>
> access to dn.subtree="ou=people,dc=example,dc=org"
>   by set.exact="this/location & user/location" read
>   by * none
>
> which reads as follows:
>
> Read, search, compare, auth and disclose access is granted to entries 
> in the OU=People sub-tree, for which the 'location' attribute value on 
> the entry searched/found is equal to the 'location' attribute value 
> for the user that bound to LDAP.
>
> This way, there's no need to modify code, and it'll work for other 
> LDAP clients as well.
>
> Kind regards,
>
> Jeroen van Meeuwen
>



More information about the dev mailing list