
Re: Can I do this with openldap ?



2017-05-26 11:18 GMT+02:00 Dieter Klünter <dieter@dkluenter.de>:
> On Tue, 23 May 2017 17:16:22 +0000,
> Roelof Wobben <rwobben@hotmail.com> wrote:
>
>> Hello,
>>
>>
>> My boss wants to run everything from a server.
>>
>> But he wants also that I can take care of that some of the software
>> is only used by some people.  So the cad software is only used by the
>> drawers and not by the financial people.
>>
>>
>> Can I do this with openldap or if it cannot be done, which software
>> can I then use the best.
>
> In fact that depends on the software in question. If the software,
> or some controlling tool, is able to require authentication and
> authorization via ldap, you may go ahead.

Indeed. A lot of applications are able to use an LDAP directory for
authentication, but fewer are able to use it for authorization.
Authorization often relies on groups present in the LDAP directory.

If you have an application that is able to use an LDAP filter for
authentication, then you can use the memberOf overlay in OpenLDAP and
use the memberOf value in LDAP filter to restrict access to this
group.

Now, if you have some time to investigate, you should take a look at
WebSSO and Access Management software. A lot are Free Software and
work great with OpenLDAP.

Personally I am a developer of LemonLDAP::NG, so I could do nothing
else than recommend this software. But there are a lot more, like
Gluu, WSO2, CAS, Shibboleth, simpleSAMLphp... You need to try them to
find the one that fits your needs.


Clément.
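
The group restriction described in the message above, as an added example that is not part of the original post or of OpenLDAP: it builds the login filter with a memberOf term and evaluates it against a constructed directory. The example.com DNs, the users, the `cad` and `finance` groups and the `search` stand-in are assumptions.

```python
import re

BASE = "dc=example,dc=com"                  # constructed sample directory
CAD = "cn=cad,ou=groups," + BASE
GROUPS = {                                  # groupOfNames entries: DN -> member values
    CAD: ["uid=alice,ou=people," + BASE],
    "cn=finance,ou=groups," + BASE: ["uid=bob,ou=people," + BASE],
}

def user_entries():
    """User entries carrying the memberOf values the overlay derives from 'member'."""
    users = sorted({m for members in GROUPS.values() for m in members})
    return [{"dn": dn,
             "uid": [dn.split(",")[0].split("=")[1]],
             "memberOf": [g for g, members in GROUPS.items() if dn in members]}
            for dn in users]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def login_filter(username, group_dn):
    """Filter that matches the user only when they are a member of group_dn."""
    return "(&(uid=%s)(memberOf=%s))" % (escape_filter_value(username),
                                         escape_filter_value(group_dn))

def unescape(value):
    """Turn \\xx escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(filter_str):
    """Minimal stand-in for an LDAP search: ANDs the equality terms of filter_str."""
    terms = re.findall(r"\((\w+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)", filter_str)
    return [e["dn"] for e in user_entries()
            if terms and all(unescape(v).lower() in (x.lower() for x in e.get(attr, []))
                             for attr, v in terms)]

if __name__ == "__main__":
    for name in ("alice", "bob", "*"):
        f = login_filter(name, CAD)
        print(f, "->", search(f))
```

Against a real server the same filter string goes into the application's LDAP login or search filter setting, and the memberOf values only exist once the overlay is loaded on the database that holds the groups.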