I'm very new to LDAP and I'm basically trying to scope out if it's the best tool for what I need at the moment.
I'm designing a simple ACL system for the small company I work for (less than 100 staff) to control access to our internal tools. At the moment they are all web based, but may not be in the future.
The basic elements of the ACL will be:
Each group will have rights associated with it.
Each staff member can be a member of multiple groups, as well as have a list of individual rights.
With this in place, any software wanting to check if a staff member should have access to a given feature can either check if the user is in a certain group, or more likely if the user has a certain right (or is in a group that is associated with that right).
At this point I've got a pretty limited understanding of LDAP (haven't had a chance to really get into it yet), so I'm not sure if this is something LDAP will do well?
My initial thoughts on how to do this were to create a rights and group schema, and add a rights field (not sure if that's the correct term) to person, where the rights field could hold multiple rights.
Group would also have a rights field, again holding multiple rights, and a members field, holding multiple people.
I would be very thankful for any comments or suggestions on how best to approach this.
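
The rights check described in the post above, sketched as an added example that is not part of the original post: it resolves a user's effective rights as the union of their own rights and those of every group that lists them, and denies by default. The `acmeRight` attribute, the `acmeRightsHolder` object class, the DNs and the right names are hypothetical, and the LDIF sample is constructed and parsed in memory rather than fetched from a real server.

```python
from collections import defaultdict

# Constructed sample directory. "acmeRight" / "acmeRightsHolder" are hypothetical
# custom schema elements; "member" is the standard groupOfNames attribute.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: acmeRightsHolder
acmeRight: wiki.edit

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=finance,ou=groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: acmeRightsHolder
member: uid=alice,ou=people,dc=example,dc=com
acmeRight: invoices.read
acmeRight: invoices.approve
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64, no line folding)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        # Simplified DN normalization: compare DNs case-insensitively.
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def effective_rights(entries, user_dn):
    """Union of the user's own rights and the rights of every group listing them."""
    user_dn = user_dn.lower()
    if user_dn not in entries:
        return set()  # unknown user gets no rights
    rights = set(entries[user_dn].get("acmeright", []))
    for attrs in entries.values():
        if user_dn in (m.lower() for m in attrs.get("member", [])):
            rights.update(attrs.get("acmeright", []))
    return rights

def has_right(entries, user_dn, right):
    """Deny by default: True only if the right is explicitly granted."""
    return right in effective_rights(entries, user_dn)

DIRECTORY = parse_ldif(SAMPLE_LDIF)
```

Against a live directory the same two lookups would be a read of the user's entry plus a search for groups whose `member` value equals the user's DN.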