Best method to set access permissions to third parties application with LDAP
- To: openldap-technical@openldap.org
- Subject: Best method to set access permissions to third parties application with LDAP
- From: Benjamin Watine <watine@cines.fr>
- Date: Thu, 31 Jan 2008 10:56:47 +0100
- User-agent: Thunderbird 2.0.0.6 (X11/20071022)
Hello the list,
I have to use LDAP to define access permissions for many third-party
applications.
So, I wonder what is the best way to organize my LDAP tree. I see two
possibilities:
- Set an LDAP group for each access level of each application, and create
users that belong to those groups.
ex:
GlobalServiceGroup
|
|__Application1Group
|  |__guestGroup
|  |  |__user1
|  |  |__user2
|  |__userGroup
|  |  |__user3
|  |  |__user4
|  |__adminGroup
|
|__Application2Group
   |__devTeamGroup
   |  |__user1
   |  |__user2
   |  |__user3
   |  |__user4
   |__testTeamGroup
   |__adminTeamGroup
The problem with this solution is that I have to set up a lot of groups, so
my LDAP tree would become very complex to administer.
- Another way would be to define my own LDAP classes, with an attribute
for each application that defines the access level (guest, user, admin, etc).
The problem with this solution is that I'm no longer in the standard
LDAP schema, and lose interoperability with standard LDAP clients.
What is the best way to set that? Is there another possibility than
the two I mentioned before?
Thank you !
Ben
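
Added example, not part of the original message: a sketch of the first layout (one standard groupOfNames entry per access level, one ou per application) with an access review over it. It lists the level groups a user holds in each application and flags users who sit in more than one level of the same application. The dc=example,dc=org suffix, the ou=people branch and the memberships are constructed sample data, and the DN parsing assumes no escaped commas.

```python
from collections import defaultdict

# Constructed sample data: one groupOfNames entry per access level, under one
# ou per application. The suffix and ou=people branch are hypothetical.
LDIF = """\
dn: cn=guestGroup,ou=Application1Group,ou=GlobalServiceGroup,dc=example,dc=org
objectClass: groupOfNames
cn: guestGroup
member: uid=user1,ou=people,dc=example,dc=org
member: uid=user2,ou=people,dc=example,dc=org

dn: cn=userGroup,ou=Application1Group,ou=GlobalServiceGroup,dc=example,dc=org
objectClass: groupOfNames
cn: userGroup
member: uid=user3,ou=people,dc=example,dc=org
member: uid=user1,ou=people,dc=example,dc=org

dn: cn=devTeamGroup,ou=Application2Group,ou=GlobalServiceGroup,dc=example,dc=org
objectClass: groupOfNames
cn: devTeamGroup
member: uid=user1,ou=people,dc=example,dc=org
"""

def parse_groups(ldif):
    """Return {(application, level): set of member DNs} for each group entry."""
    groups = defaultdict(set)
    for block in ldif.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in block.splitlines() if ": " in line]
        dn = next(v for k, v in attrs if k == "dn")
        # Naive RDN split: first RDN is the level group, second the application.
        level, app = (rdn.split("=", 1)[1] for rdn in dn.split(",")[:2])
        groups[(app, level)].update(v for k, v in attrs if k == "member")
    return groups

def memberships(groups, user_dn):
    """Map each application to the sorted level groups that contain user_dn."""
    result = defaultdict(list)
    for (app, level), members in sorted(groups.items()):
        if user_dn in members:
            result[app].append(level)
    return dict(result)

def overlapping_levels(groups):
    """Return users placed in more than one level group of one application."""
    seen = defaultdict(set)
    for (app, level), members in groups.items():
        for member in members:
            seen[(member, app)].add(level)
    return {key: sorted(levels) for key, levels in seen.items() if len(levels) > 1}
```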