Hi Honza,
first of all, please upgrade your LAM installation. In 8.0 a severe
security issue was fixed. If the instance is accessible from the
internet, reinstall the server to be on the safe side.
The permissions should be setup on server-side to enforce them for all
administration tools.
Regarding LAM you could setup two server profiles and limit the access
using the filter for LDAP search login method (first tab), e.g.:
(&(uid=%USER%)(memberof=branchLeaders))
On tab account types you can then limit the users with an additional
LDAP filter:
(memberof=employees)
This way the users will only see employees.
To get the filters working you need to make group memberships visible at
the user entries (virtual attribute).
This can be done e.g. in OpenLDAP with the "Dynamic list" overlay.
About the trial, I will send this separately.
Best regards
Roland
Am 14.02.23 um 19:16 schrieb Jan Doležal:
Hello,
I'm trying to run openLDAP server with LAM used for managing records.
I have running LAM in version 7.7 on dedicated server and everything
seems to work as expected so far, but I need to implement certain
functionality for client and I was unable to find more detailed
explanation in docs nor anywhere else.
I would like to know if it is possible to setup certain group so users
inside this group could edit users from another certain group.
For example users in group admin could edit everyone, users from group
"branchLeaders" could edit users from group "employees" and users from
group "employees" wouldn't even able to login.
Is it possible to implement this exact functionality using Roles module
or by setting up Access levels?
I was also curious if it would be possible to get trial version of LAM
Pro so I can try it out.
Thank you very much for your response.
Honza
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
