Univention Bugzilla – Bug 21631
Allow customer-specific definition of LDAP ACLs
Last modified: 2020-07-03 20:51:07 CEST
UCS should include a way to define customer-specific LDAP ACLs that affect individual users or user groups. This should be possible without adding LDAP schemas and without developing additional customer-specific packages. For an example implementation, see Ticket #2010122310001404
Can you attach patches and describe it?
*** Bug 41432 has been marked as a duplicate of this bug. ***
Michel, Jan Christoph, is this issue still relevant? Can you attach the patches which have been created for this bug report or for #41432?
Not sure if the patches are still relevant but it is a request that appears from time to time that customers want to have specific access rights for the UMC. This inevitably leads to custom LDAP ACLs. Michel, do you have up to date patches?
(In reply to Jan Christoph Ebersbach from comment #4)
> Not sure if the patches are still relevant but it is a request that appears
> from time to time that customers want to have specific access rights for the
> UMC. This inevitably leads to custom LDAP ACLs.

I would say basically every larger Presales-Ticket that I get has somehow requirements for specific access rights for users. I prefer the term "delegative administration". I will try to sum up a few use cases in the next days to clarify it.

>
> Michel, do you have up to date patches?

Unfortunately not.
OK, I removed the 'Forked for project' flag. Please re-add it, if you have patches from forked packages.
As a workaround this might be useful? (details untested)

. /usr/share/univention-lib/ldap.sh
ucs_registerLDAPExtension "$@" \
    --acl /root/myucs-customization/66myucs-customization.acl \
    --packagename myucs-customization \
    --packageversion 0.1

If this feature request is intended to not just add support for "custom LDAP ACLs", but more broadly, to add an interface for *generic* custom ACL management, my impression is that this would be considerably more complex and one might be tempted to think about adding ACIs (in LDAP) in addition to the ACL templates.

Or - one could go the other way and not implement a *generic* ACL management but instead a very reduced one which focuses on the most commonly requested access customizations - i.e. one could identify and define a basic delegation data model, like we have done for UCS@school.
We've started an approach for this in svn/dev/branches/ucs-4.2/component/univention-directory-manager-roles during a Hackathon
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.