Hi all,
Is it possible for Organisational Units in an LDAP directory to be granted rights equivalent to a group?
E.g. my directory tree might look like this:
O=Challenger
OU=Sydney
OU=Hobart
OU=IT_Staff
CN=User
I wish to grant access to areas of the website to all Hobart staff.
If I go to the permissions page of the page I can select OU=Hobart as a read access group; however, when I try to access the page I get a "You do not have permission to access Members" error.
Am I to understand the OU cannot be granted rights this way?
I do not want to create a group of all these users as I should be able to leverage the directory structure. This should be a simple patch as all we need to do is compare the DNs of the OU and the user - they should match…
(BTW - I am using AD to test with, but production will be Novell eDirectory - I am happy to help where I can)
At the moment, you can't assign permissions to OUs. I believe this has already been requested as a feature though.
It has already been done, but not released yet. Probably needs some testing with Active Directory, but works for openLDAP and eDirectory.
You could always assign permission with openLDAP OUs though, because that's how our staff directory works.
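The DN comparison proposed in the question, as an added example that is not code from this thread or from the product being discussed: it parses both DNs into RDN sequences before comparing, because a raw string suffix test misses case and spacing variants and can be fooled by escaped commas. The function names are hypothetical, the tree is assumed to nest as O=Challenger > OU=Hobart > OU=IT_Staff > CN=User, and values are assumed to use case-insensitive matching.

```python
# Added example: decide whether a user's DN lies under an OU by comparing
# parsed RDN sequences instead of raw strings. Function names are hypothetical.

def split_rdns(dn):
    """Split a DN on unescaped commas, honouring backslash escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns

def normalise(dn):
    """Return the DN as a tuple of (type, value) pairs, case-folded and trimmed.

    Assumption: every attribute uses case-insensitive matching (true for
    O, OU and CN in standard schemas). Malformed input raises, so the
    caller denies access instead of guessing.
    """
    out = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        out.append((attr.strip().lower(), value.strip().lower()))
    return tuple(out)

def is_under_ou(user_dn, ou_dn):
    """True only if ou_dn is a proper ancestor of user_dn in the tree."""
    user, ou = normalise(user_dn), normalise(ou_dn)
    return len(user) > len(ou) and user[-len(ou):] == ou

# Constructed sample DNs based on the tree in the question.
HOBART = "OU=Hobart,O=Challenger"
USER = "CN=User,OU=IT_Staff,OU=Hobart,O=Challenger"
# An OU whose *name* contains an escaped comma; it is not under OU=Hobart.
LOOKALIKE = "CN=User,OU=Staff\\,OU=Hobart,O=Challenger"
```

With these samples, `LOOKALIKE.endswith(HOBART)` is true while `is_under_ou(LOOKALIKE, HOBART)` is false, which is the case a plain string comparison gets wrong when used for access control.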