
Re: openldap and service permissions



At 11:36 PM 2/21/2005, myren wrote:
>Can someone explain why LDAP can't do this reasonably?  What is LDAP good for then?

I think this thread is not terribly specific to OpenLDAP Software.
These questions, in particular, seem to be more appropriate for a
general LDAP list.  See charter for pointers.

Regarding service permissions, the OpenLDAP server (slapd) provides
only an authorization mechanism (ACLs, see slapd.access(5)) to control
access to information held in the directory.  Whether that (or any
directory authorization) is useful for providing per-user "service
permissions" to a service highly depends on the implementation of
the service.  Hence, you should consult the documentation of these
implementations (and use lists supporting them) to determine whether
they can be configured to per-user service permissions based upon
directory authorization, and if so, which objects/attributes are
used to control these permissions.  Once you know that, you can
configure access controls.  Only the latter step is OpenLDAP-specific
(again, see slapd.access(5)).

Kurt
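
An added illustration of the last step described above (configuring access controls once the service's attribute is known); it is not part of the original message or of OpenLDAP's documentation. The DNs and the attribute name serviceAllowed are hypothetical placeholders for whatever the service's own documentation says it checks.

```conf
# slapd.conf access rules, syntax per slapd.access(5).
# ASSUMPTIONS (not from the original message): the suffix
# dc=example,dc=com, the service bind DN cn=mailsvc, the admin group,
# and the attribute "serviceAllowed" are all constructed placeholders.

# slapd uses the first "access to" clause whose <what> matches the
# entry/attribute, so the most specific clauses come first.

# Passwords: the owner may change them, anonymous clients may only
# use them to authenticate, nobody else sees them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# The per-user permission attribute the service consults.
# Only the admin group may modify it; the service's bind identity
# reads it to make its decision; users can see, but not edit,
# their own value, so they cannot grant themselves the service.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=serviceAllowed
    by group.exact="cn=admins,ou=groups,dc=example,dc=com" write
    by dn.exact="cn=mailsvc,ou=services,dc=example,dc=com" read
    by self read
    by * none

# Remaining user data: readable by the service account and by
# authenticated users, hidden from anonymous clients.
access to dn.subtree="ou=people,dc=example,dc=com"
    by dn.exact="cn=mailsvc,ou=services,dc=example,dc=com" read
    by users read
    by * none
```

These rules only protect the attribute inside the directory; whether a login is actually refused still depends on the service checking that attribute, as the message above notes.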