Delegating rights to groups of users
Daniel Hoffend
dh at dotlan.net
Mon Feb 3 20:32:39 CET 2014
Hi Aleksej
make yourself familar with how LDAP ACLs are beeing stored and
maintenend in 389ds. You can give Groups write/read access to certain
fields on the whole directory or on subtrees and then assign people this
group. Kolab-Webadmin will then provide him write access to whatever
attributes he got permissions for.
http://directory.fedoraproject.org/wiki/Howto:AccessControl
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Access_Control.html
This is one of the example ACIs you find on a vanilla installation
$ ldapsearch -xW -D "cn=Directory Manager" -b "dc=example,dc=org" aci
[...]
# People, example.org
dn: ou=People,dc=example,dc=org
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human
Resources)")(version 3.0;acl "HR Group Permissions";allow
(write)(groupdn = "ldap:///cn=HR
Managers,ou=groups,dc=example,dc=org");)
It's all done in ldap :-)
--
Regards
Daniel
------ Originalnachricht ------
Von: "Fеnикs" <fenuksuh at ya.ru>
An: users at lists.kolab.org
Gesendet: 03.02.2014 16:52:15
Betreff: Delegating rights to groups of users
>Hello,
>
>I'd like to let our HR department add and edit users in Kolab, but only
>certain fields, eg. lock roles, delegates and quota.
>Is there a way to give such rights? Preferably to a group.
>
>Regards,
>Aleksej
>_______________________________________________
>users mailing list
>users at lists.kolab.org
>https://lists.kolab.org/mailman/listinfo/users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2423 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20140203/0443b934/attachment.bin>
More information about the users
mailing list