Dear Community – how is it possible to make a UCS user “see” and search for only the members of their own UCS group? This is a frequently occurring scenario - for instance to separate workgroups or school classes. Example:
- UCS group1: User11, User12
- UCS group2: User22, User23
In all apps, 11 and 12 should see/find each other, but not 22 or 23 - and vice versa.
My primary use cases are Nextcloud and Kopano with OpenLDAP controlled by the UCS server they’re installed on – it’s be good to have a solution at least for these apps.
By creating an openldap ACL script, it’s possible to successfully limit visibility for ldapsearch, bound to a user; for example:
access to filter="univentionObjectType=users/user" by self break by set="user/gidNumber & this/gidNumber" break by set="user/kopano4ucsRole & [user]" none stop by * break
But this seems to have no effect on Nextcloud and Kopano (which might use their own logins to trawl the LDAP user directory?). All users can find each other in Nextcloud contacts and the Kopano Global Address List.
Any thoughts appreciated!