Roles & Groups

Daniel Hoffend dh at dotlan.net
Wed Sep 3 15:37:41 CEST 2014 

You must see the bigger picture of LDAP and User Management. It's not 
just
about a small email server. Many other applications support auth against
ldap servers including allowing access to certain resources via group
memberships.

## Groups

You basically have 4 groups
* Standard Groups (groupOfNames)
* Unix Groups (aka posixGroup) similar to /etc/group but in ldap.
* Distribution List static (static mail distribution list)
* Distribution List dynamic (mail distribution list based on ldap search 
filter)

In additional the ldap servers can also provide ACLs for members of 
group X
(example HR is allowed to write on some LDAP attributes in ou=People)

## Roles

are something different. While groups are their own object roles are 
basically
names/flags attached to an object (mostly user in this case). 
Applications can
filter for those user attributes and react to this (similar to group 
membership
but different and bound to a user).

Example:
1) The LDAP Server has an ACL that someone with the Role "kolab-admin" 
is allowed
    to write at the whole ldap directory
2) Roundcube can be configured to enable certain modules or config 
options based
    to assigned roles

You can find some use cases documented here:
https://docs.kolab.org/deployment-guide/hosted-kolab-groupware-deployment.html?highlight=role#differentiating-access-levels


Basically learn about LDAP and what LDAP can do or which application 
could make
use of LDAP and how LDAP is beeing used in bigger enviroments. That it 
all starts
to make sense. In a small SOHO enviroment with perhabs 5-50 mail 
accounts roles
and groups might not be as important.


--
Regards
Daniel




------ Originalnachricht ------
Von: "Stuart Naylor" <StuartIanNaylor at inbox.com>
An: "users at lists.kolab.org" <users at lists.kolab.org>
Gesendet: 03.09.2014 05:29:17
Betreff: Roles & Groups

>
>
>Haven't really got Roles & groups into my thick skull.
>
>
>
>Are groups purely distribution groups?
>
>
>
>I created a shared folder and thought OK cool and a group to the 
>permissions on that.
>
>Seems you can only add individual users as the group permissions didn't 
>seem to work.
>
>
>
>So if anybody can give me a primer on groups and roles.
>
>
>
>I am struggling to see the difference or understand the difference 
>between a role and group.
>
>
>
>Also with roles where do you set what that role can do.
>
>
>
>I will leave it as that as its obvious I am confused maybe someone can 
>just supply a bit of info to this noob.
>
>
>
>Stuart.
>
>
>
>--------------------------------------------------------------------------------
>Free Online Photosharing - Share your photos online with your friends 
>and family!
>Visit http://www.inbox.com/photosharing to find out more!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5714 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20140903/52c352cc/attachment.bin>

More information about the users mailing list