[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can I do this with openldap ?

To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Can I do this with openldap ?
From: Clément OUDOT <clem.oudot@gmail.com>
Date: Fri, 26 May 2017 12:05:47 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=CFmXWFmt7bnOB38G6CbpD+5CWVA9VqhFkVviv/eYQfQ=; b=sEK34HUCsuBq8ypi6z5iUBLonGdlr5Chx4VEi8J72evlz5e8O5fKfF2RtuCLYpdNIA 2vS4dnaYd5ePe6sJZDKxIB+KoDp/qTW9qlrDjvn7Oi0ZUDUU4yXK9C/6eJ0yqSSgDoAJ eFJXY0fiieMhtSWh94a6Rdvfa3OxRTdxPiokNrfPjSnn9CQ7UbkIVAQmmKy6qlAwAD1t ddsf0RuHNkCqWSl8LY9cxl3XVTirhjYgnA4kwRwFcKoF5WcxSv0ZZp20VjGSvEhDF70b yBkNo12QwPwv7zAzVq/xesf1NAeiBE8ms3WYYIoxK7AjWNfXl57llmKOw+oayJ3zRsXJ dDKA==
In-reply-to: <20170526111835.588a68a1@pink.avci.de>
References: <VI1PR0201MB219105466363412B1B933F6AAEF90@VI1PR0201MB2191.eurprd02.prod.outlook.com> <20170526111835.588a68a1@pink.avci.de>

2017-05-26 11:18 GMT+02:00 Dieter Klünter <dieter@dkluenter.de>:
> Am Tue, 23 May 2017 17:16:22 +0000
> schrieb Roelof Wobben <rwobben@hotmail.com>:
>
>> Hello,
>>
>>
>> My boss wants to run everything from a server.
>>
>> But he wants also that I can take care of that some of the software
>> is only used by some people.  So the cad software is only used by the
>> drawers and not by the financial people.
>>
>>
>> Can I do this with openldap or if it cannot be done , which software
>> can I then use the best.
>
> In fact that depends on the software in question. If the software,
> or some controlling tool, is able to require authentication and
> authorization via ldap, you may go ahead.

Indeed. A lot of applications are able to use LDAP directory for
authentication, but less are able to use it for authorization.
Authorization often rely on groups present in the LDAP directory.

If you have an application that is able to use an LDAP filter for
authentication, then you can use the memberOf overlay in OpenLDAP and
use the memberOf value in LDAP filter to restrict access to this
group.

Now, if you have some time to investigate, you should take a look to
WebSSO and Access Management softwares. A lot are Free Softwares and
works great with OpenLDAP.

Personally I am a developer of LemonLDAP::NG, so I could do nothing
else than recommend this software. But there are a lot more, like
Gluu, WSO2, CAS, Shibboleth, simpleSAMLphp... You need to try them to
find the one that fits your needs.


Clément.

Follow-Ups:
- Re: Can I do this with openldap ?
  - From: "Ralf Mattes" <r.mattes@mh-freiburg.de>

References:
- Can I do this with openldap ?
  - From: Roelof Wobben <rwobben@hotmail.com>
- Re: Can I do this with openldap ?
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Re: Can I do this with openldap ?
Next by Date: Re: Can I do this with openldap ?
Index(es):
- Chronological
- Thread