[Date Prev][Date Next] [Chronological] [Thread] [Top]

Single Sign-On model and LDAP Structure

To: openldap-software@OpenLDAP.org
Subject: Single Sign-On model and LDAP Structure
From: Flavio Alves <flavio-l-alves@ptinovacao.pt>
Date: Fri, 20 Sep 2002 15:49:32 +0100

Hi.

I'm building a single sing-on server. However, I'm have some doubts on the
LDAP structure.

I need to create an LDAP structure to hold users and applications access
control.
And application has a set of valid permissions like "INSERT $ TABLE_X". An
application has also a defined group of permissions. Each group can have one
or more permissions that were defined for that application.
A user can belong at most to one group for each application.

Following there's the structure I'm thinking about.
I've not created the LDIF file yet because I'm still working on the model.

+ example.com
  + Users
    + Canada
      - User 1     {holds the user info and password}
      - User 2     
    + US
      - User 3
      - User 4
  + Applications
    + Application 1
      - Existing Permissions {holds a list of valid permissions}
      + Groups
        - Group 1            {holds a list of permissions defined in
"Existing Permissions"}
        - Group 2

In order for this to work, I might need to create new objectClasses. I'm not
quite sure.
What do you think about this structure? Do you see problems in this
approach.

And one important final question: IS THERE ALREADY A STANDART TO CREATE THIS
MODEL I'M WORKING ON?

------------
Thxs,
Flavio Alves

Prev by Date: RE: Problems with OpenLDAP 2.1.4 and Kerberos
Next by Date: slurpd and syslog
Index(es):
- Chronological
- Thread