Bug 57133 – Feature-Request: OU/CN restrictions

Bug 57133 - Feature-Request: OU/CN restrictions


Summary:	Feature-Request: OU/CN restrictions

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-03-11 12:35 CET by Robert Heyer
Modified:	2024-03-11 13:53 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Heyer

2024-03-11 12:35:34 CET

It should be useful in greater environments if you can define which objects you can create in a ou/cn.

Example: I'll create a cn like users and in this cn i can only create user objects. In reverse in this cn i can't create a computer object.

Comment 1 Jan-Luca Kiok

2024-03-11 13:53:01 CET

Thanks for this request!
From my understanding the Guardian is already capable of being able to create capability that (dis-)allows certain object types from being created if their superordinate matches a certain condition (as long as that information is present at the object to be created), which means that this is something that needs to be implemented in the application managing objects which then might use the Guardian to achieve this -> I guess UDM makes the most sense for the time being.