Here is the problem I want to solve.
We have a mercurial source control server (Linux + Apache + mod_auth), that I want to configure so it works against LDAP (right now it's basic authorization on apache with passwords stored in .htpasswd files). I put developers in OU with name "Developers"
'OU=Developers,DC=us,DC=domain,DC=com'
the problem is that we have various projects and some of them should restrict access only to certain developers. I can put a different OU inside developers, but I can't have the same user account to be present in multiple OUs. At the same time I don't like to have multiple accounts per user (harder to manage in future)
SO I'm thinking is it possible to authorize against OU and certain logical group?
Like I created OU "Developers" and then created several windows groups - like ProjectA, projectB, projectC and assign developers to those groups as well.
Is it possible to configure LDAP base dn, so it looks for group as well?
thanks, Dmitry