[RCD] Need some advices about feature to improve adressbook from LDAP filters
julien.gribonvald at recia.fr
Wed Dec 5 19:23:58 CET 2012
Thanks for your response,
The things is that we doesn't use LDAP auth but the CAS auth.
After we doesn't permit user auth and access to ldap so I don't think
that we can use your example if I understood your ldap configuration.
Le 05/12/2012 19:13, Jeroen van Meeuwen (Kolab Systems) a écrit :
> On 2012-12-05 16:44, Julien Gribonvald wrote:
>> My needs are for the adressbook feature using an LDAP, we would like
>> to do dynamic's filters depending on users attributes obtained at the
>> connection with a LDAP request.
> Are you saying that you need, for example, a filter of:
> for somebody that logs in that has an LDAP attribute 'location' set to
> '$branch_office_1', or something along similar lines?
> You may want to consider something along the lines of (OpenLDAP
> slapd.conf syntax):
> access to dn.subtree="ou=people,dc=example,dc=org"
> by set.exact="this/location & user/location" read
> by * none
> which reads as follows:
> Read, search, compare, auth and disclose access is granted to entries
> in the OU=People sub-tree, for which the 'location' attribute value on
> the entry searched/found is equal to the 'location' attribute value
> for the user that bound to LDAP.
> This way, there's no need to modify code, and it'll work for other
> LDAP clients as well.
> Kind regards,
> Jeroen van Meeuwen
More information about the dev