be able to select all user from ou=people,dc=opensides,dc=be but be confined to your branch for all the rest

Hello,

in some case its useful to be able to select user from the whole people branch and be confined in your branch for everything else.

if i use two acl, one to put me in a branch and just there and the second for giving access to only users i can still got to other department defeating the isolation.

The way to be able to keep isolation and still get access to the main ou=people,dc=opensides,dc=be when inside a confined department with a first acl is to be able to put an acl on ou=people,dc=opensides,dc=be.

so i propose to have a flag in the configuration backend that if activated make the top people branch appears in acl assigment

The scenario is corresponding to :

1. i want all my users in ou=people,dc=opensides,dc=be
2. i want to ba able to delegate users to manage ou (aka department) and be confined in it.
3. i want to be able to select users from ou=people,dc=opensides,dc=be to be put in groups, roles etc being confined in my ou.

Cheers

(from redmine: issue id 4561, created on 2016-03-01, closed on 2016-03-08)

• Changesets:
  • Revision 3d242f8a by Côme Chilliet on 2016-03-03T12:05:53.000Z:

Fixes #4561 Acl assignments can now be created on any dn

• Revision f810afb2 by Côme Chilliet on 2016-03-03T12:06:51.000Z:

Fixes #4561 Acl assignments can now be created on any dn

• Revision ac7d09f1 by Côme Chilliet on 2016-03-07T03:36:13.000Z:

Fixes #4561 plCategory needs to be an array

• Revision ee81f374 by Côme Chilliet on 2016-03-07T03:37:05.000Z:

Fixes #4561 plCategory needs to be an array