[Date Prev][Date Next]
Re: How do you have LDAP Setup for Apps
On Thu, Sep 29, 2011 at 11:46 AM, Buchan Milne
> On Thursday, 29 September 2011 02:26:07 email@example.com wrote:
>> I'm learning and testing different ways of configure my LDAP to handle
>> multiple apps. I gave up on groupofnames because I couldn't get searches
>> to pull out the Users in a Group.
> Then it seems your applications are brain-dead.
> Almost all applications supporting LDAP authentication support LDAP
> authorization, with multiple models for retrieving group information and
> memberships. Most of them support all of the following:
> 1)groupOfNames-type groups
> 2)posixGroup-type groups
> 3)members indicated by memberOf attributes
We have application that even use the position of an element within
the DIT for Authorization (e.g. user X is in department Y, or reports
We also use other attributes like user is external or internal. I
mean, just in the regular schemas there are so many attributes ! any
of these can be used for Authorization.