Bug 21631 - Allow customer-specific definition of LDAP ACLs
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 enhancement
Assigned To: UCS maintainers
Duplicates: 41432
Reported: 2011-02-22 09:24 CET by Jan Christoph Ebersbach
Modified: 2020-07-03 20:51 CEST

Description Jan Christoph Ebersbach univentionstaff 2011-02-22 09:24:09 CET
UCS should include a way to define customer-specific LDAP ACLs that affect individual users or user groups. This should be possible without adding LDAP schemas and without developing additional customer-specific packages.

For an example implementation, see ticket #2010122310001404
Comment 1 Stefan Gohmann univentionstaff 2013-03-24 14:53:16 CET
Can you attach patches and describe it?
Comment 2 Michel Smidt 2016-06-23 11:09:21 CEST
*** Bug 41432 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2016-11-28 07:28:57 CET
Michel, Jan Christoph, is this issue still relevant? Can you attach the patches which have been created for this bug report or for #41432?
Comment 4 Jan Christoph Ebersbach univentionstaff 2016-11-28 08:42:37 CET
Not sure if the patches are still relevant but it is a request that appears from time to time that customers want to have specific access rights for the UMC.  This inevitably leads to custom LDAP ACLs.

Michel, do you have up to date patches?
Comment 5 Michel Smidt 2016-11-30 00:36:27 CET
(In reply to Jan Christoph Ebersbach from comment #4)
> Not sure if the patches are still relevant but it is a request that appears
> from time to time that customers want to have specific access rights for the
> UMC.  This inevitably leads to custom LDAP ACLs.

I would say basically every larger presales ticket that I get somehow has requirements for specific access rights for users. I prefer the term "delegative administration".
I will try to sum up a few use cases in the next few days to clarify it.

> 
> Michel, do you have up to date patches?

Unfortunately not.
Comment 6 Stefan Gohmann univentionstaff 2016-11-30 06:26:46 CET
OK, I removed the 'Forked for project' flag. Please re-add it, if you have patches from forked packages.
Comment 7 Arvid Requate univentionstaff 2016-11-30 13:29:16 CET
As a workaround this might be useful? (details untested)

. /usr/share/univention-lib/ldap.sh
ucs_registerLDAPExtension "$@" \
        --acl /root/myucs-customization/66myucs-customization.acl \
        --packagename myucs-customization \
        --packageversion 0.1

If this feature request is intended to not just add support for "custom LDAP ACLs", but more broadly, to add an interface for *generic* custom ACL management, my impression is that this would be considerably more complex and one might be tempted to think about adding ACIs (in LDAP) in addition to the ACL templates.

Or - one could go the other way and not implement a *generic* ACL management but instead a very reduced one which focuses on the most commonly requested access customizations - i.e. one could identify and define a basic delegation data model, like we have done for UCS@school.
Comment 8 Ingo Steuwer univentionstaff 2017-06-12 12:33:57 CEST
We've started an approach for this in svn/dev/branches/ucs-4.2/component/univention-directory-manager-roles during a hackathon.
Comment 9 Ingo Steuwer univentionstaff 2020-07-03 20:51:07 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.