[Date Prev][Date Next]
Re: Group Members
> I need to be able to tell if a user if a member of different apps to allow
> access. I started by adding custom attributes for each app, boolean and
> such, and that works fine but somehow just doesn't feel right.
Not sure if it's the best way, but we have added a custom attribute to
our users (enabledService). It is a multi-value (string) attribute
that apps check to grant access.
Then the application (mail for example) just search
"(&(uid=$username)(enabledService=mail))" and if it gets a result, it
grants access to the user (if the passwd is right of course :-) )
We also added "accountActive" (TRUE|FALSE) so we can enable or disable
access to all services in just one operation.