
I'm very new to LDAP and trying to set up an inheritance model for user logins, with access levels specific to department, etc.

Example schema would look like this:

    DN: dc=domain,dc=com

      /cn=people           (groupOfNames)
        /joe               (inetOrgPerson)
        /alex              (inetOrgPerson)
        /nick              (inetOrgPerson)
        /boss              (inetOrgPerson)
        /qaJane            (inetOrgPerson)
        /analystBob        (inetOrgPerson)

      /ou=groups           (organizationalUnit)
        /developers        (groupOfNames)
          member: uid=joe,cn=people,dc=domain,dc=com
          member: uid=nick,cn=people,dc=domain,dc=com

        /testers           (groupOfNames)
          member: uid=qaJane,cn=people,dc=domain,dc=com

        /projectManagers   (groupOfNames)
          member: uid=alex,cn=people,dc=domain,dc=com

        /analysts          (groupOfNames)
          member: uid=boss,cn=people,dc=domain,dc=com
          member: uid=analystBob,cn=people,dc=domain,dc=com

      /ou=applications     (organizationalUnit)
        /gitlab            (groupOfNames)
          member: cn=developers,ou=groups,dc=domain,dc=com
          member: cn=projectManagers,ou=groups,dc=domain,dc=com

        /redmine           (groupOfNames)
          member: cn=testers,ou=groups,dc=domain,dc=com
          member: cn=developers,ou=groups,dc=domain,dc=com
          member: cn=projectManagers,ou=groups,dc=domain,dc=com

        /nfs               (groupOfNames)
          member: cn=analysts,ou=groups,dc=domain,dc=com
          member: cn=projectManagers,ou=groups,dc=domain,dc=com

In short, it could be described like this:

  1. Many users
  2. Few groups (developer, manager, analyst, boss, etc.)
  3. Some groups include other groups (i.e., projectManagers are included in developers)
  4. Few applications.
  5. Applications include groups and/or users

What is the proper way to perform a user search for login that considers user inheritance between all groups?

I.e., if I want to log a user into gitlab, a filter like this would work only for direct inclusion (if the user is included directly in the object that I filter against), but it won't work for group inclusion:

    (&(objectClass=inetOrgPerson)(memberOf=cn=redmine,ou=applications,dc=domain,dc=com))

1 Answer


You will need to perform a search similar to:

    (&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn=redmine,ou=applications,dc=domain,dc=com))

From Active Directory Group Related Searches
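The matching rule in the answer (LDAP_MATCHING_RULE_IN_CHAIN) is an Active Directory extension; a directory that does not implement it, such as the groupOfNames layout in the question, leaves the nested-group walk to the application. The following is an added example, not code from the answer or the question, that performs that walk over a constructed in-memory copy of the question's directory: `DIRECTORY`, `groups_containing`, `transitive_groups` and `may_log_in` are assumed names, and against a real server each `groups_containing` call would be a search with the filter `(member=<dn>)`.

```python
from collections import deque

# Constructed in-memory model of the directory in the question: each group
# DN maps to its attributes; only the member attribute matters for this check.
DIRECTORY = {
    "cn=developers,ou=groups,dc=domain,dc=com": {
        "member": ["uid=joe,cn=people,dc=domain,dc=com",
                   "uid=nick,cn=people,dc=domain,dc=com"]},
    "cn=testers,ou=groups,dc=domain,dc=com": {
        "member": ["uid=qaJane,cn=people,dc=domain,dc=com"]},
    "cn=projectManagers,ou=groups,dc=domain,dc=com": {
        "member": ["uid=alex,cn=people,dc=domain,dc=com"]},
    "cn=analysts,ou=groups,dc=domain,dc=com": {
        "member": ["uid=boss,cn=people,dc=domain,dc=com",
                   "uid=analystBob,cn=people,dc=domain,dc=com"]},
    "cn=gitlab,ou=applications,dc=domain,dc=com": {
        "member": ["cn=developers,ou=groups,dc=domain,dc=com",
                   "cn=projectManagers,ou=groups,dc=domain,dc=com"]},
    "cn=redmine,ou=applications,dc=domain,dc=com": {
        "member": ["cn=testers,ou=groups,dc=domain,dc=com",
                   "cn=developers,ou=groups,dc=domain,dc=com",
                   "cn=projectManagers,ou=groups,dc=domain,dc=com"]},
    "cn=nfs,ou=applications,dc=domain,dc=com": {
        "member": ["cn=analysts,ou=groups,dc=domain,dc=com",
                   "cn=projectManagers,ou=groups,dc=domain,dc=com"]},
}


def groups_containing(directory, dn):
    """Groups listing dn directly; equivalent to the search filter (member=<dn>).
    DNs are compared case-insensitively, a simplification of full DN matching."""
    return [g for g, attrs in directory.items()
            if dn.lower() in (m.lower() for m in attrs.get("member", []))]


def transitive_groups(directory, user_dn):
    """Every group the user belongs to directly or through nested groups.
    The seen set stops the walk if two groups list each other as members."""
    seen, queue = set(), deque([user_dn])
    while queue:
        dn = queue.popleft()
        for group in groups_containing(directory, dn):
            if group not in seen:
                seen.add(group)
                queue.append(group)
    return seen


def may_log_in(directory, user_dn, app_dn):
    """True if the user reaches the application group through any nesting depth."""
    return app_dn in transitive_groups(directory, user_dn)
```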