
using ldap to control access to other services



Hi List,

I have been using LDAP for some time. The LDAP server is mainly used to store user information. Today I heard that LDAP can be used to control access to other services. More specifically, "The way it works is that your (or any other) app calls LDAP with something like 'I am user A, here is my ticket, so what can I do?' and then LDAP responds: 'User A has a type X and can access B, C and D function, but cannot access X, Y and Z function'. So your app realizes that 'Type X can access today and tomorrow, but not day after tomorrow' etc." I went through the OpenLDAP document at http://www.openldap.org/doc/admin24/access-control.html. But it seems to focus on how to control access to the LDAP server itself. Could anybody show me how to implement this?

1. Do I need to model the business environment in LDAP? e.g. create a node for each function point.
2. What is the programming model? Can I use a Java interface to retrieve this permission information?
3. Is it an OpenLDAP-specific function or a common LDAP function?



Thanks,
William