On Thu, Oct 17, 2013 at 10:16:27AM -0400, Carlos R Laguna wrote:

> Hello everyone, for a while now I have been using LDAP groups to create
> restriction classes to manage the access of my users, like this:
>
> correose_search_base = ou=Groups,dc=jovenclub,dc=cu
> correose_query_filter = (&(|(cn=CorreoSE))(memberUid=%u))
> correose_result_attribute = cn

This is ugly. It is better to customize the schema with appropriate user attributes, so you can query the user object to determine the right user policy. LDAP is not SQL, and inverse relations (groups of user, rather than users of group) are very difficult to express.

-- 
Viktor.
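
The two lookup styles side by side, as an added example that is not part of the original thread or either poster's configuration. Assumptions: user entries live under `ou=People` and are matched on `uid`, and `mailPolicyClass` is a hypothetical custom attribute on the user entry holding the name of a restriction class; the `userpolicy_` prefix is also made up for illustration.

```conf
# Group-based lookup from the question: membership is stored on the
# group entry, so each policy needs its own map keyed on one group cn.
correose_search_base = ou=Groups,dc=jovenclub,dc=cu
correose_query_filter = (&(|(cn=CorreoSE))(memberUid=%u))
correose_result_attribute = cn

# User-attribute lookup as suggested in the reply: a single map queries
# the user entry and returns the policy name stored on it.
# ASSUMPTION: ou=People, uid and mailPolicyClass are illustrative names,
# not taken from the poster's directory or from any standard schema.
userpolicy_search_base = ou=People,dc=jovenclub,dc=cu
userpolicy_query_filter = (uid=%u)
userpolicy_result_attribute = mailPolicyClass
```

A user entry that lacks the attribute returns no result from the second map, so the restriction that follows the lookup decides what such users are allowed to do.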