Restricting to set ous
Arcath edited this page Jul 15, 2011 · 1 revision
By changing the LDAP base string it's possible to restrict access to your application to users within specific Organisational Units (OUs).
If your OU structure was:
company.local
| - Computers
| - Domain Controllers
| - Company
|   | - Developers
|   | - Finance
|   | - IT Support
and you wanted to restrict access to users in the Developers OU you would set the base string to:
c.base = "ou=Developers, ou=Company, dc=company, dc=local"
When a user outside the allowed OUs attempts to log in, adauth will return the same result as if they had entered an incorrect username and password.
You can only have one base string and can only limit to one OU. If you wanted to give the Finance OU access, you would have to limit it to Company, which gives IT Support access as well. It is recommended that you use group access restrictions, as you can then grant access by simply adding users to security groups.
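The sketch below is an added example, not adauth code: it models which user DNs a single base string covers, so you can see why widening the base from Developers to Company also admits IT Support. The helpers `rdns`, `under_base?` and `allowed_logins` are hypothetical, the user DNs are constructed samples, and it assumes the directory search covers the whole subtree under the base with case-insensitive DN matching.

```ruby
# Added example: models which user DNs a single LDAP base string covers.
# `rdns`, `under_base?` and `allowed_logins` are hypothetical helpers,
# not adauth methods.

# Split a DN into normalised RDNs, honouring backslash-escaped commas.
def rdns(dn)
  dn.split(/(?<!\\),/).map do |rdn|
    type, value = rdn.strip.split("=", 2)
    raise ArgumentError, "malformed RDN: #{rdn.inspect}" if value.nil?
    "#{type.strip.downcase}=#{value.strip.downcase}"
  end
end

# True when user_dn sits strictly below base_dn (assumed subtree scope).
def under_base?(user_dn, base_dn)
  user = rdns(user_dn)
  base = rdns(base_dn)
  user.length > base.length && user.last(base.length) == base
end

# Constructed sample entries matching the OU tree on this page.
USERS = {
  "dev1" => "CN=Dev One,OU=Developers,OU=Company,DC=company,DC=local",
  "fin1" => "CN=Fin One,OU=Finance,OU=Company,DC=company,DC=local",
  "it1"  => "CN=Smith\\, Jo,OU=IT Support,OU=Company,DC=company,DC=local",
  "dc1"  => "CN=Sample One,OU=Domain Controllers,DC=company,DC=local"
}.freeze

# Usernames that a lookup under base_dn would find at all; everyone else
# fails exactly like a wrong username or password.
def allowed_logins(base_dn)
  USERS.select { |_, dn| under_base?(dn, base_dn) }.keys
end

DEVELOPERS_BASE = "ou=Developers, ou=Company, dc=company, dc=local"
COMPANY_BASE    = "ou=Company, dc=company, dc=local"

puts "Developers base: #{allowed_logins(DEVELOPERS_BASE).inspect}"
puts "Company base:    #{allowed_logins(COMPANY_BASE).inspect}"
```

Running a check like this against an export of your real user DNs before changing `c.base` shows exactly who gains or loses access.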