r Judith, Mark Reynolds, and Ludwig Krispenz for
their help!
--
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
https://enswitch.com/
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fed
On 30/11/2018 00:00, Ludwig Krispenz wrote:
On 11/29/2018 12:12 PM, Alistair Cunningham wrote:
On 29/11/2018 20:12, Ludwig Krispenz wrote:
On 11/29/2018 12:32 AM, Alistair Cunningham wrote:
Is there a neat way to replace the ACL below that needs to be added
once for each ou with one sin
On 29/11/2018 20:12, Ludwig Krispenz wrote:
On 11/29/2018 12:32 AM, Alistair Cunningham wrote:
Is there a neat way to replace the ACL below that needs to be added
once for each ou with one single ACL that works for every ou? Perhaps
some way of saying that the "ou=2,dc=exampl
On 29/11/2018 10:54, Olivier JUDITH wrote:
Hello
Good news if it's working
I think that uid is mostly used.
Thank you, I'll do that.
--
Alistair Cunningham
Is it best practice to use "cn=,ou=..." or
"uid=,ou=..." in DNs? What are the advantages and
disadvantages of each?
--
Alistair Cunningham
ust
match the same string in the userdn part?
aci: (target="ldap:///ou=2,dc=example,dc=com")(targetattr=*)(version
3.0;acl "aci2";allow (read,search)
userdn="ldap:///cn=*,ou=2,dc=example,dc=com";)
On 29/11/2018 03:54, Mark Reynolds wrote:
On 11/27/18 8:15 PM, Alistair Cu
On 28/11/2018 12:08, Mark Reynolds wrote:
On 11/27/18 7:24 PM, Alistair Cunningham wrote:
I've added these acis, but a telephone (with objectClass 'person') in
tenant1 can still see people (with objectClass 'inetOrgPerson') in
tenant2. Presumably there needs to also be a blanket aci to forbid
:///ou=tenant2,dc=example,dc=com")(targetattr=*)(version
3.0;acl "aci2";allow (read,search)
userdn="ldap:///uid=*,ou=tenant2,dc=example,dc=com";)
Let me know
On Tue, 27 Nov 2018 at 00:03, Alistair Cunningham
mailto:acunning...@integrics.com>> wrote:
On 26/
ou need.
Thank you, it works doing it purely as a person.
--
Alistair Cunningham
On 27/11/2018 12:32, Mark Reynolds wrote:
On 11/26/18 7:44 PM, Alistair Cunningham wrote:
Thank you, I'll give that a go.
On a related topic, do you know why when I try to add a
simpleSecurityObject, I get an 'attribute "cn" not allowed' error?
$ cat 1234567890.ldif
dn: cn=12345678
om";)
aci:
(target="ldap:///ou=tenant2,dc=example,dc=com")(targetattr=*)(version
3.0;acl "aci2";allow (read,search)
userdn="ldap:///uid=*,ou=tenant2,dc=example,dc=com";)
Let me know
On Tue, 27 Nov 2018 at 00:03, Alistair Cunningham
mailto:acunning...@integrics.com>>
be by creating a 389 plugin that adds a filter on the good
OU regarding the DN of the user which makes the call to the ldap.
That might be an option. Do you know where I can find documentation on
how to do this?
--
Alistair Cunningham
and password and search for
people. The only part missing is limiting the telephone lines to
searching within their own tenant (i.e. the same ou).
Any suggestions on how to do this? If this is not feasible using the ou
method, I'm willing to consider other methods such as groups.
--
Alistair