Cool Solution - Custom LDAP ACLs

From Univention Wiki

Revision as of 08:24, 24 May 2016 by Rehberg
UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

Note: Packages provided by a Cool Solutions Repository are built by Univention, but will not be maintained.
Note: This article is not yet reviewed.


First, install the package univention-custom-ldap-acls with the command:

univention-install univention-custom-ldap-acls

The package should create some new UCR variables. Check them with the following command:

ucr search acls

You should see these variables:

ldap/acls/custom/univentionCustomACLReferenceGroupModify/attrs: uniqueMember,memberUid
ldap/acls/custom/univentionCustomACLReferenceGroupModify/create: yes
ldap/acls/custom/univentionCustomACLReferenceGroupModify/description: Bearbeiten von Gruppen
ldap/acls/custom/univentionCustomACLReferenceGroupModify/filter: objectClass=univentionGroup
ldap/acls/custom/univentionCustomACLReferenceUserCreate/create: yes
ldap/acls/custom/univentionCustomACLReferenceUserCreate/description: Anlegen von Benutzern
ldap/acls/custom/univentionCustomACLReferenceUserCreate/filter: objectClass=posixAccount

After that, switch to the Univention Management Console and open the LDAP directory module. Expand univention and look for custom attributes -> LDAP ACLs. Click on "Add" and choose Settings: Extended attribute. Fill out the text fields as follows:

Tab General:

Unique name: edit-user
Short description: Editing users

Tab Module:

Modules to be extended: Container: Container, Container: Organizational Unit 

Tab LDAP mapping:

LDAP object class: univentionCustomACLReferences
LDAP attribute: univentionCustomACLReferenceUserCreate
Tick remove object class if the attribute is removed

Tab UMC:

Ordering number: 1
Tab name: authorization

Tab Data type:

Syntax class: UserDN
Tick multi value
Tick editable after creation
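
Before entering the LDAP attribute on the LDAP mapping tab, it is worth confirming that a custom ACL of that name is defined in UCR and seeing which filter it carries. The shell functions below are an added example, not part of the Univention package: the names list_custom_acls and acl_filter_for are hypothetical, the sample input is the ucr search acls listing shown above, and the assumption (taken from that listing) is that the fourth path component of each UCR variable is the LDAP attribute name.

```shell
#!/bin/sh
# Added example (not Univention code). Constructed sample input: the
# `ucr search acls` listing from this page.
SAMPLE_UCR_OUTPUT='ldap/acls/custom/univentionCustomACLReferenceGroupModify/attrs: uniqueMember,memberUid
ldap/acls/custom/univentionCustomACLReferenceGroupModify/create: yes
ldap/acls/custom/univentionCustomACLReferenceGroupModify/description: Bearbeiten von Gruppen
ldap/acls/custom/univentionCustomACLReferenceGroupModify/filter: objectClass=univentionGroup
ldap/acls/custom/univentionCustomACLReferenceUserCreate/create: yes
ldap/acls/custom/univentionCustomACLReferenceUserCreate/description: Anlegen von Benutzern
ldap/acls/custom/univentionCustomACLReferenceUserCreate/filter: objectClass=posixAccount'

# Read `ucr search` output on stdin and print one line per custom ACL:
#   name|filter|attrs|create
# Lines that are not ldap/acls/custom/<name>/<field> keys are ignored.
list_custom_acls() {
    awk '
    /^ldap\/acls\/custom\// {
        key = $0; sub(/:.*/, "", key)          # text before the first colon
        val = $0; sub(/^[^:]*: ?/, "", val)    # text after "key: "
        if (split(key, p, "/") != 5) next
        name = p[4]; field = p[5]
        if (!(name in seen)) { seen[name] = 1; order[++count] = name }
        v[name, field] = val
    }
    END {
        for (i = 1; i <= count; i++) {
            n = order[i]
            printf "%s|%s|%s|%s\n", n, v[n, "filter"], v[n, "attrs"], v[n, "create"]
        }
    }'
}

# Print the filter of the custom ACL named $1 and return 0; return 1 if no
# such ACL is defined or it has no filter (e.g. a typo in the attribute name).
acl_filter_for() {
    list_custom_acls | awk -F'|' -v want="$1" '
        $1 == want && $2 != "" { print $2; found = 1 }
        END { exit !found }'
}

# Demonstration on the constructed sample; on a UCS system pipe in
# `ucr search acls` instead.
printf '%s\n' "$SAMPLE_UCR_OUTPUT" | list_custom_acls
```

An empty attrs column, as for univentionCustomACLReferenceUserCreate in the listing, means no attrs variable was set for that ACL.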