[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Group Members


2011/8/11  <criderkevin@aol.com>:
> I need to be able to tell if a user if a member of different apps to allow
> access. I started by adding custom attributes for each app, boolean and
> such, and that works fine but somehow just doesn't feel right.

Not sure if it's the best way, but we have added a custom attribute to
our users (enabledService). It is a multi-value (string) attribute
that apps check to grant access.

dn: uid=nbensa,ou=users,dc=....
enabledService: login
enabledService: mail
enabledService: ....

Then the application (mail for example) just search
"(&(uid=$username)(enabledService=mail))" and if it gets a result, it
grants access to the user (if the passwd is right of course :-) )

We also added "accountActive" (TRUE|FALSE) so we can enable or disable
access to all services in just one operation.