OpenLDAP and user role based access control (RBAC)
Posted by Jason on Stack Overflow
Published on 2010-03-14T22:12:29Z
Indexed on 2010/03/14 22:15 UTC
Hello, my company uses an OpenLDAP server which stores corporate user information (username, passwd and some other information like email are stored in LDAP).
Till now they only use it for authentication, but now we'd like to use it for authentication also; this means that we'll create roles (as LDAP attributes in a new schema) and assign those roles to the users.
My actual question is whether there is a best practice to follow for using OpenLDAP for authentication on many applications (most written in PHP). I understand how to make roles and assign them to users for just one application, but what about the others (each application of course has its own roles)? Should I just create an ou=appName,ou=roles,dc=mycompany for each application, put the roles as attributes there and just add each role as an attribute of the user object?
Are there any other recommendations?
Thanks
© Stack Overflow or respective owner
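
An added example, not part of the original question: with the per-application layout proposed above, each application should accept only roles that sit directly under its own ou=appName,ou=roles,dc=mycompany branch, and should compare parsed RDNs rather than substrings. It assumes the user's roles are stored as DNs of role entries named by cn (an assumption; the question does not fix attribute names) and that the values have already been read from the directory.

```python
import re

# Base taken from the layout proposed in the question.
ROLES_BASE = ("ou=roles", "dc=mycompany")

def split_rdns(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # escaped pair stays inside the RDN
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def roles_for_app(role_dns, app):
    """Return role names (cn) located directly under ou=<app>,ou=roles,dc=mycompany."""
    wanted = ("ou=" + app.lower(),) + ROLES_BASE
    roles = set()
    for dn in role_dns:
        rdns = split_rdns(dn)
        if len(rdns) != 1 + len(wanted):
            continue                  # wrong depth: not a role of any app
        parent = tuple(re.sub(r"\s*=\s*", "=", r, count=1).lower() for r in rdns[1:])
        if parent != wanted:
            continue                  # another app's branch (wiki2 is not wiki)
        key, _, value = rdns[0].partition("=")
        # Fail closed: role names containing escapes are rejected, not decoded.
        if key.strip().lower() == "cn" and value.strip() and "\\" not in value:
            roles.add(value.strip().lower())
    return roles

# Constructed sample values of a hypothetical multi-valued role attribute.
SAMPLE = [
    "cn=editor,ou=wiki,ou=roles,dc=mycompany",
    "CN=Admin, OU=Billing, OU=Roles, DC=mycompany",
    "cn=admin\\,ou=wiki,ou=roles,dc=mycompany",   # escaped comma, wrong depth
    "cn=admin,ou=wiki2,ou=roles,dc=mycompany",    # similar app name
    "cn=admin,ou=wiki,ou=roles,dc=othercompany",  # different base
]

if __name__ == "__main__":
    print(sorted(roles_for_app(SAMPLE, "wiki")))
```

A prefix or suffix string match on the same values would treat the wiki2 entry and the escaped-comma entry as wiki roles; comparing the parsed parent RDNs avoids that.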