[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do you have LDAP Setup for Apps



On Thu, Sep 29, 2011 at 11:46 AM, Buchan Milne
<bgmilne@staff.telkomsa.net> wrote:
> On Thursday, 29 September 2011 02:26:07 criderkevin@aol.com wrote:
>>  I'm learning and testing different ways of configure my LDAP to handle
>> multiple apps. I gave up on groupofnames because I couldn't get searches
>> to pull out the Users in a Group.
>
> Then it seems your applications are brain-dead.
>
> Almost all applications supporting LDAP authentication support LDAP
> authorization, with multiple models for retrieving group information and
> memberships. Most of them support all of the following:
> 1)groupOfNames-type groups
> 2)posixGroup-type groups
> 3)members indicated by memberOf attributes

We have application that even use the position of an element within
the DIT for Authorization (e.g. user X is in department Y, or reports
Z)
We also use other attributes like user is external or internal. I
mean, just in the regular schemas there are so many attributes ! any
of these can be used for Authorization.


-- 
Alejandro Imass