About authentication


I configured OpenLDAP with back-sql, and it works now.

I have an Address table in one database.

I have a GAccount table in another database.

I have a GGroup table in the same database as GAccount.

Each Address entry has an owner id corresponding to one GAccount entry.

Each GAccount has a group entry corresponding to one GGroup entry.

The current configuration of the LDAP directory gives read access to all Address entries.

What I want to know is how I can implement what follows, and first of all whether it is possible.

I want to allow access to Address entries (inetOrgPerson) this way.

Each person authenticates via the GAccount table, then he should have access to all Addresses that are owned by him or by a member of his group.

For example:

Address:
id = 1, owner = 4
id = 2, owner = 3
id = 3, owner = 2

GAccount:
id = 4, group = 6
id = 3, group = 6
id = 2, group = 5

GGroup:
id = 6
id = 5

Address 1 should be accessible by GAccount 4 and 3, address 2 the same, and address 3 should be accessible by GAccount 2.

I had no problem implementing this logic in my WebApplication and WebAddress book, but I'm a little bit confused about the way to implement it with LDAP.

Passwords are stored as MD5 hashes in GAccount (like 0f7d5df9902e9019631ca2475523a4be), but if needed I can change this to something else.

I hope I was complete in my explanations, if not, just ask what you don't understand, I will clarify myself.
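
The access rule from the post, run over its sample rows, as an added example that is not part of the original message. It assumes all three tables sit in one in-memory SQLite database and that the columns are named owner_id and group_id (the post only says "owner" and "group"); it shows the SQL rule only, not an OpenLDAP configuration.

```python
import sqlite3

# Constructed sample rows, copied from the example in the post.
ADDRESSES = [(1, 4), (2, 3), (3, 2)]   # (id, owner_id)
ACCOUNTS = [(4, 6), (3, 6), (2, 5)]    # (id, group_id)
GROUPS = [(6,), (5,)]                  # (id,)

# Column names are assumptions made for this example.
SCHEMA = """
CREATE TABLE GGroup   (id INTEGER PRIMARY KEY);
CREATE TABLE GAccount (id INTEGER PRIMARY KEY, group_id INTEGER REFERENCES GGroup(id));
CREATE TABLE Address  (id INTEGER PRIMARY KEY, owner_id INTEGER REFERENCES GAccount(id));
"""

# An address is visible when the viewer owns it or shares a group with its owner.
# A NULL group never matches (NULL = NULL is not true in SQL), so an account
# without a group sees only what it owns.
VISIBLE_SQL = """
SELECT a.id
FROM Address a
JOIN GAccount owner  ON owner.id = a.owner_id
JOIN GAccount viewer ON viewer.id = ?
WHERE owner.id = viewer.id OR owner.group_id = viewer.group_id
ORDER BY a.id
"""

# The same rule read the other way: which accounts may read one address.
READERS_SQL = """
SELECT viewer.id
FROM GAccount viewer
JOIN Address a      ON a.id = ?
JOIN GAccount owner ON owner.id = a.owner_id
WHERE viewer.id = owner.id OR viewer.group_id = owner.group_id
ORDER BY viewer.id
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO GGroup VALUES (?)", GROUPS)
    db.executemany("INSERT INTO GAccount VALUES (?, ?)", ACCOUNTS)
    db.executemany("INSERT INTO Address VALUES (?, ?)", ADDRESSES)
    return db

def visible_addresses(db, account_id):
    """Address ids the account may read; unknown accounts get an empty list."""
    return [row[0] for row in db.execute(VISIBLE_SQL, (account_id,))]

def readers_of(db, address_id):
    """Account ids allowed to read the given address."""
    return [row[0] for row in db.execute(READERS_SQL, (address_id,))]
```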