[dev] Re: Group class and Datatree
Kevin Myer
kevin_myer at iu13.org
Fri Apr 8 17:07:02 PDT 2005
Quoting Edward Rudd <erudd at netfor.com>:
>
> Also I have a patch to "chroot" the DN of users, so that a user in domain
> b can only see users from domain B on a shared install of horde, but I
> would require a full ldap driven group backend to show per domain groups
> and not allow users to access groups from other domains.
Does your patch handle groups only or does it handle blocking of all
views from
one domain to another (i.e. user at domain1 can't see any shares for
user at domain2,
can't see them as a user, and could have an identical userid, except for the
domain). If so, that would be extremely useful, as trying to run multiple
domains on one install resulted in users checking the "All
Authenticated Users"
permissions, and granting access to all users of all domains in that install,
not just for their domain. So I went back to maintaining a separate
installation per domain.. With hooks, and a "chroot DN" patch, I think it
would be possible to go back to one installation - _much_ easier to maintain.
Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org
(717) 560-6140
More information about the dev
mailing list