[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How do you have LDAP Setup for Apps



You can also create your own custom auxiliary  objectClass that you can use as an addition filter.

for example:

objectClass     ( your_custom_OID_here 
    NAME ‘yourcustomPerson'
    DESC ‘My Custom User INFO'
    SUP top AUXILIARY
    MUST ( customUserPriv $ customAuthApp1 $ customStaffMember $ customRemoteAccess $ customEnabled )
    MAY ( ) )

then you would need to define your custom attributeTypes and load the whole thing into LDAP.

The custom attribute types can then be used as an addition filter. 

Scott



On Sep 29, 2011, at 9:38 AM, Alejandro Imass wrote:

> On Thu, Sep 29, 2011 at 11:46 AM, Buchan Milne
> <bgmilne@staff.telkomsa.net> wrote:
>> On Thursday, 29 September 2011 02:26:07 criderkevin@aol.com wrote:
>>>  I'm learning and testing different ways of configure my LDAP to handle
>>> multiple apps. I gave up on groupofnames because I couldn't get searches
>>> to pull out the Users in a Group.
>> 
>> Then it seems your applications are brain-dead.
>> 
>> Almost all applications supporting LDAP authentication support LDAP
>> authorization, with multiple models for retrieving group information and
>> memberships. Most of them support all of the following:
>> 1)groupOfNames-type groups
>> 2)posixGroup-type groups
>> 3)members indicated by memberOf attributes
> 
> We have application that even use the position of an element within
> the DIT for Authorization (e.g. user X is in department Y, or reports
> Z)
> We also use other attributes like user is external or internal. I
> mean, just in the regular schemas there are so many attributes ! any
> of these can be used for Authorization.
> 
> 
> -- 
> Alejandro Imass
>