mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
37 lines
1.3 KiB
Plaintext
37 lines
1.3 KiB
Plaintext
|
Copyright 2005 The OpenLDAP Foundation. All rights reserved.
|
||
|
|
|
||
|
|
Redistribution and use in source and binary forms, with or without
|
||
|
|
modification, are permitted only as authorized by the OpenLDAP
|
||
|
|
Public License.
|
||
|
|
|
||
|
|
This directory contains native slapd plugins that implement access rules.
|
||
|
|
|
||
|
|
posixgroup.c contains a simple example that implements access control
|
||
|
|
based on posixGroup membership, loosely inspired by ITS#3849. It should
|
||
|
|
be made clear that this access control policy does not reflect any
|
||
|
|
standard track model of handling access control, and should be
|
||
|
|
essentially viewed as an illustration of the use of the dynamic
|
||
|
|
extension of access control within slapd.
|
||
|
|
|
||
|
|
To use the acl-posixgroup plugin, add:
|
||
|
|
|
||
|
|
moduleload acl-posixgroup.so
|
||
|
|
|
||
|
|
to your slapd configuration file; it requires "nis.schema" to be loaded.
|
||
|
|
It is configured using
|
||
|
|
|
||
|
|
access to <what>
|
||
|
|
by dynacl/posixGroup[.{exact,expand}]=<dnpat> {<level>|<priv(s)}
|
||
|
|
|
||
|
|
The default is "exact"; in case of "expand", "<dnpat>" results from
|
||
|
|
the expansion of submatches in the "<what>" portion. "<level>|<priv(s)>"
|
||
|
|
describe the level of privilege this rule can assume.
|
||
|
|
|
||
|
|
No Makefile is provided. Use a command line similar to:
|
||
|
|
|
||
|
|
gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
|
||
|
|
-o acl-posixgroup.so posixgroup.c
|
||
|
|
|
||
|
|
to compile the posixGroup ACL plugin.
|
||
|
|
|