mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-30 11:39:34 -05:00
a5abeb92ec
OpenLDAP Software (though they may not necessarily be supported by the OpenLDAP Project). Assistance in updating ACKNOWLEDGEMENTS welcomed.
37 lines
1.3 KiB
Text
37 lines
1.3 KiB
Text
This directory contains native slapd plugins that implement access rules.
|
|
|
|
posixgroup.c contains a simple example that implements access control
|
|
based on posixGroup membership, loosely inspired by ITS#3849. It should
|
|
be made clear that this access control policy does not reflect any
|
|
standard track model of handling access control, and should be
|
|
essentially viewed as an illustration of the use of the dynamic
|
|
extension of access control within slapd.
|
|
|
|
To use the acl-posixgroup plugin, add:
|
|
|
|
moduleload acl-posixgroup.so
|
|
|
|
to your slapd configuration file; it requires "nis.schema" to be loaded.
|
|
It is configured using
|
|
|
|
access to <what>
|
|
by dynacl/posixGroup[.{exact,expand}]=<dnpat> {<level>|<priv(s)}
|
|
|
|
The default is "exact"; in case of "expand", "<dnpat>" results from
|
|
the expansion of submatches in the "<what>" portion. "<level>|<priv(s)>"
|
|
describe the level of privilege this rule can assume.
|
|
|
|
No Makefile is provided. Use a command line similar to:
|
|
|
|
gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
|
|
-o acl-posixgroup.so posixgroup.c
|
|
|
|
to compile the posixGroup ACL plugin.
|
|
|
|
---
|
|
Copyright 2005-2009 The OpenLDAP Foundation. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted only as authorized by the OpenLDAP
|
|
Public License.
|
|
|