LDAP and groups

I'm new to LDAP.

I'm in the process in making an application that uses
an LDAP directory for user authorisation (the user is
already authenticated against the LDAP directory when
she reaches my application). I want to have different
users tied to usergroups or roles, and in that way
check what the user can/can't do, based on the groups
or roles to which they belong.

There's already a lot of user data in the directory,
and I want an "easy" way of making the connection
between the user and the groups. My idea is to make a
new branch, ie
ou=myapp,ou=internal,dc=mycompany,dc=no, and have one
entry there per group. This entry will then hold
either one entry per user in that group, or just one
entry per group, and a list of userIDs as an

A typical query would be to get a list of all the
groups to which a user belongs.

Is this sane? I know that putting application-specific
data in LDAP is not good, but we're planning on using
the same group concept in another application...

Any help will be greatly appreciated.


Kyrre Kristiansen
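Added example (not code from the original post): a small in-memory model of the "one entry per group" layout the question describes, with the two membership styles LDAP servers commonly use for it: `groupOfNames` (one `member` value per user, holding the user's DN) and `posixGroup` (one `memberUid` value per user, holding the user ID, which matches the "list of userIDs" idea). Only the `ou=myapp,ou=internal,dc=mycompany,dc=no` branch comes from the post; the `ou=people` user branch, the uids, the group names and the entries themselves are constructed sample data. It also shows the search filter a real client would send for "all groups this user belongs to", with RFC 4515 escaping of the user-supplied value, which matters because this lookup drives authorisation.

```python
"""Model of the "one group entry per group" layout described in the post.
The directory below is CONSTRUCTED sample data, not a real server; the
ou=people branch and the uids are assumptions, only the application branch
ou=myapp,ou=internal,dc=mycompany,dc=no comes from the post."""

APP_BASE = "ou=myapp,ou=internal,dc=mycompany,dc=no"
PEOPLE_BASE = "ou=people,dc=mycompany,dc=no"   # assumed user branch

# Constructed entries: (dn, attributes). Attribute values are lists, as in LDAP.
DIRECTORY = [
    (f"uid=kyrre,{PEOPLE_BASE}", {"objectClass": ["inetOrgPerson"], "uid": ["kyrre"]}),
    (f"uid=anna,{PEOPLE_BASE}", {"objectClass": ["inetOrgPerson"], "uid": ["anna"]}),
    # Style 1: groupOfNames, members listed by DN
    (f"cn=editors,{APP_BASE}", {
        "objectClass": ["groupOfNames"], "cn": ["editors"],
        "member": [f"uid=kyrre,{PEOPLE_BASE}", f"uid=anna,{PEOPLE_BASE}"]}),
    (f"cn=admins,{APP_BASE}", {
        "objectClass": ["groupOfNames"], "cn": ["admins"],
        "member": [f"uid=kyrre,{PEOPLE_BASE}"]}),
    # Style 2: posixGroup, members listed by user ID
    (f"cn=reporting,{APP_BASE}", {
        "objectClass": ["posixGroup"], "cn": ["reporting"], "gidNumber": ["5001"],
        "memberUid": ["anna"]}),
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter.
    Without it, an identifier such as 'x*)(uid=*' would change the meaning
    of the filter; the escaped form is matched literally."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def groups_for_user_filter(user_dn: str, uid: str) -> str:
    """The filter a real client would send (search base APP_BASE, subtree
    scope) to get every group the user belongs to in either style."""
    return ("(|(&(objectClass=groupOfNames)(member=%s))"
            "(&(objectClass=posixGroup)(memberUid=%s)))"
            % (escape_filter_value(user_dn), escape_filter_value(uid)))


def _under(dn: str, base: str) -> bool:
    """True if dn sits below base (DN components compare case-insensitively)."""
    return dn.lower().endswith("," + base.lower())


def groups_for_user(directory, user_dn: str, uid: str) -> list:
    """In-memory stand-in for the search above: returns the cn of each group
    under APP_BASE that lists the user. A deployment would run
    groups_for_user_filter() against the server instead of this loop."""
    found = []
    wanted_dn = user_dn.lower()
    for dn, attrs in directory:
        if not _under(dn, APP_BASE):
            continue
        classes = {c.lower() for c in attrs.get("objectClass", [])}
        members = [m.lower() for m in attrs.get("member", [])]
        if "groupofnames" in classes and wanted_dn in members:
            found.append(attrs["cn"][0])
        elif "posixgroup" in classes and uid in attrs.get("memberUid", []):
            found.append(attrs["cn"][0])
    return sorted(found)


if __name__ == "__main__":
    kyrre = f"uid=kyrre,{PEOPLE_BASE}"
    print(groups_for_user_filter(kyrre, "kyrre"))
    print(groups_for_user(DIRECTORY, kyrre, "kyrre"))        # ['admins', 'editors']
    print(groups_for_user(DIRECTORY, f"uid=anna,{PEOPLE_BASE}", "anna"))  # ['editors', 'reporting']
```

Keeping the groups under their own `ou=myapp` base lets the application search with that base and a narrow filter, so it never has to walk the user entries; the choice between `member` (DN) and `memberUid` (user ID) mostly comes down to which value the application has in hand after authentication.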

