[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Group Members

To: criderkevin@aol.com
Subject: Re: Group Members
From: zoolook <nbensa@gmail.com>
Date: Fri, 12 Aug 2011 13:28:03 -0300
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=IP/zf5vPGIIa/rT4ZDPb4+P56/2u0dDr5hb0qcBPkgg=; b=huNalOnwArmhdNWTWMsoe7SJEfgtGKj00jU0kTSByZ4kGo7XZNpA6dY5yYPSYr/tlW V2V4BKv62yfgeTbEvcrqLMywu9PWHDcro+GZcYuS4PKymm9FVFJ0zHrdpx8LiAspDWP8 /w0Q5tAoVC+ZDVOnHHcLmZ8OPavrMQflXBcfA=
In-reply-to: <8CE26ADE9B22DD0-1EC4-2E95D@Webmail-d102.sysops.aol.com>
References: <8CE26ADE9B22DD0-1EC4-2E95D@Webmail-d102.sysops.aol.com>

Hi!

2011/8/11  <criderkevin@aol.com>:
> I need to be able to tell if a user if a member of different apps to allow
> access. I started by adding custom attributes for each app, boolean and
> such, and that works fine but somehow just doesn't feel right.


Not sure if it's the best way, but we have added a custom attribute to
our users (enabledService). It is a multi-value (string) attribute
that apps check to grant access.

dn: uid=nbensa,ou=users,dc=....
enabledService: login
enabledService: mail
enabledService: ....

Then the application (mail for example) just search
"(&(uid=$username)(enabledService=mail))" and if it gets a result, it
grants access to the user (if the passwd is right of course :-) )

We also added "accountActive" (TRUE|FALSE) so we can enable or disable
access to all services in just one operation.

HTH,
Norberto

References:
- Group Members
  - From: criderkevin@aol.com

Prev by Date: Re: Assigning Groups to LDAP users
Next by Date: Re: Group Members
Index(es):
- Chronological
- Thread