OpenLDAP and user role based accedss controll (RBAC)

Posted by Jason on Stack Overflow See other posts from Stack Overflow or by Jason
Published on 2010-03-14T22:12:29Z Indexed on 2010/03/14 22:15 UTC
Read the original article Hit count: 651

Hello, my company uses an openldap server which stores corporate user information ((username,passwd and some other information like email are stored in ldap)..

Till now they only use it for authentication but now we'd like to use for authentication also, this means that we'll create roles (as ldap attributes in a new schema) and assign those roles in the users.

My actual question is if there is a best-practice to follow for using openldap for authentication on many applications (most written in php). I understand how to make roles and assign them to users for just one application, but what about the others (each application of course has its own roles). Should I just create an ou=appName,ou=roles,dc=mycompany for each application, put the roles as attributes there and just add each role as an attribute of the user object ?

is there any other recommendations ?

thanks

© Stack Overflow or respective owner

Related posts about rbac

Related posts about openldap