Hello,

I have an LDAP question here. When configuring the LDAP User folder, The User Base DN looks something like this:

ou=Administration,ou=Occupations,ou=Internal,ou=Personnel,dc=<MyClient>,dc=<Clients Domain>

The <> are used by me in this e-mail to indicate the client and client's top level domain. I'm not using the real clientname, etc for privacy reasons.

The problem I have is that the first ou, which I list as Administration, is really a variable, i.e. I could have ou=Administration, or ou=Finance, etc. etc. etc. depending on who logs in.

How do I tell LDAPUserFolder (or LDAP itself) that the first ou is a variable field rather than a constant? I tried doing ou=*,ou=... but that doesn't work.

Thanks,
Braun Brelin

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

> I have an LDAP question here. When configuring the LDAP User folder, The User Base DN looks something like this:
>
> ou=Administration,ou=Occupations,ou=Internal,ou=Personnel,dc=<MyClient>,dc=<Clients Domain>
>
> The problem I have is that the first ou, which I list as Administration, is really a variable, i.e. I could have ou=Administration, or ou=Finance, etc. etc. etc. depending on who logs in.
>
> How do I tell LDAPUserFolder (or LDAP itself) that the first ou is a variable field rather than a constant? I tried doing ou=*,ou=... but that doesn't work.

you cannot. what you need to do is trim the base DN down to the branch that they all share. in your case that would be
ou=Occupations,ou=Internal,ou=Personnel,dc=<MyClient>,dc=<Clients
jens
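
An added example (not part of the original thread and not LDAPUserFolder code): given a few user DNs, it computes the branch they all share, which is the value to put in the User Base DN, and lists login names that match more than one entry once the search covers several OUs. The `dc=example,dc=com` suffix, the `uid` login attribute and the sample DNs are constructed assumptions; quoted DN values are not handled.

```python
from collections import defaultdict

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [r.strip() for r in rdns if r.strip()]

def rdn_key(rdn):
    """Case-insensitive comparison key for an RDN such as 'OU = Finance'."""
    attr, _, val = rdn.partition("=")
    return (attr.strip().lower(), val.strip().lower())

def common_base_dn(dns):
    """Longest RDN suffix shared by every DN, compared from the root inward."""
    split = [split_dn(d) for d in dns]
    if not split:
        return ""
    n = 0
    for level in zip(*(reversed(s) for s in split)):
        if len({rdn_key(r) for r in level}) != 1:
            break
        n += 1
    return ",".join(split[0][len(split[0]) - n:])

def ambiguous_logins(dns, login_attr="uid"):
    """Login values that occur in more than one entry below the shared base.
    Assumes the login attribute is the entry's leading RDN."""
    seen = defaultdict(list)
    for dn in dns:
        attr, val = rdn_key(split_dn(dn)[0])
        if attr == login_attr:
            seen[val].append(dn)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample DNs, not taken from the thread.
TAIL = "ou=Occupations,ou=Internal,ou=Personnel,dc=example,dc=com"
SAMPLE = [f"uid=alice,ou=Administration,{TAIL}", f"uid=bob,ou=Finance,{TAIL}",
          f"uid=alice,ou=Finance,{TAIL.replace('ou=Occ', 'OU=Occ')}"]
```

A non-empty result from `ambiguous_logins` means the wider base lets one login name resolve to several entries, so those accounts need distinct login values before the base DN is trimmed.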

That seemed to work. Thanks. Now I have one more question. :-)

The documentation seems to say that user roles should be stored as "groups" in LDAP. So, just to clarify, if I have the following user roles:

Manager Member Owner Author Publisher Reviewer Dept_Member

Should each of these roles be listed as a separate group in LDAP?

Thanks,
Braun Brelin

Quoting Jens Vagelpohl <jens@zope.com>:

> > I have an LDAP question here. When configuring the LDAP User folder, The User Base DN looks something like this:
> >
> > ou=Administration,ou=Occupations,ou=Internal,ou=Personnel,dc=<MyClient>,dc=<Clients Domain>
> >
> > The problem I have is that the first ou, which I list as Administration, is really a variable, i.e. I could have ou=Administration, or ou=Finance, etc. etc. etc. depending on who logs in.
> >
> > How do I tell LDAPUserFolder (or LDAP itself) that the first ou is a variable field rather than a constant? I tried doing ou=*,ou=... but that doesn't work.
>
> you cannot. what you need to do is trim the base DN down to the branch that they all share. in your case that would be
>
> ou=Occupations,ou=Internal,ou=Personnel,dc=<MyClient>,dc=<Clients
>
> jens

On Tuesday, Jun 10, 2003, at 11:52 US/Eastern, Braun Brelin wrote:
> That seemed to work. Thanks. Now I have one more question. :-)
>
> The documentation seems to say that user roles should be stored as "groups" in LDAP. So, just to clarify, if I have the following user roles:
>
> Manager Member Owner Author Publisher Reviewer Dept_Member
>
> Should each of these roles be listed as a separate group in LDAP?

if you want to retrieve role information from the LDAP server then you must have suitable group records with the names of roles you need underneath the point in the LDAP tree that you specified as groups search base in your configuration. so if you need all these roles then you must create those group records (see "Groups" tab in the ZMI).

jens

participants (2): Braun Brelin, Jens Vagelpohl