Thanks for your answer, it was what I was expecting from what I saw yesterday.
I saw LDAP ACLs, but they are used only to restrict access to LDAP itself. I was really hoping that LDAP had some nice way to handle a fine-grained permission system. I think I'll still use LDAP for managing my users, but I'll probably create some scripts to handle the permissions for all my applications in a centralized way.
Gerik
2010/10/4 Diego Lima lists@diegolima.org
Hi AdaXi,
While LDAP is widely used as a means to achieve central authentication, controlling access using LDAP is highly dependent on the application you're using. The LDAP server itself does not care for access controls or levels, and only stores information that will be used by other applications. If the applications support using some LDAP attribute to restrict access or offer some sort of schema that they'll use, then you can probably do that using only LDAP. LDAP itself has Access Control Lists, but I don't think they'll do what you are expecting, as they only control access to attributes held in the server itself.
Otherwise you'll be stuck by managing the applications individually using their own built-in configuration methods.
2010/10/4 AdaXi adaxidownloads@gmail.com:
Hi everyone, I am kind of a newbie in OpenLDAP and LDAP in general, and I really need your help. I have been looking for a fine-grained permission system for a project that I am in now, but could not find anything that satisfies me.
I have multiple applications that will authenticate using LDAP, but I also want to control user access in each application. I want to be able to allow specific access to an element in one application.
Examples:
For a database, I would like to assign read permissions to one or more databases for one user. For a bulletin board, users can only post in some specific boards. For an FTP server, users can only access specific directories.
In the first place, is it realistic? Do you know a way to do this only with LDAP? (If yes, could you show me a manual or guide?) Do you know some piece of software that could help me?
Thanks in advance,
AdaXi
-- Diego Lima
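
The split Diego describes (the directory only stores the data, each application enforces it), as an added example that is not part of the original thread. It assumes a hypothetical layout in which each permission is a `groupOfNames` entry at `cn=<action>,ou=<resource>,ou=<application>` under a constructed `ou=permissions,dc=example,dc=org` base, and it reads constructed LDIF instead of querying a live server.

```python
import re
# Constructed sample data (LDIF, as a directory export); all DNs are hypothetical.
SAMPLE_LDIF = """\
dn: cn=read,ou=sales,ou=database,ou=permissions,dc=example,dc=org
objectClass: groupOfNames
cn: read
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org

dn: cn=post,ou=announcements,ou=board,ou=permissions,dc=example,dc=org
objectClass: groupOfNames
cn: post
member: uid=alice,ou=people,dc=example,dc=org

dn: cn=access,ou=incoming,ou=ftp,ou=permissions,dc=example,dc=org
objectClass: groupOfNames
cn: access
member: UID=Bob, OU=People, DC=example, DC=org
"""

PERM_BASE = "ou=permissions,dc=example,dc=org"  # assumed base for permission groups
SAFE_NAME = re.compile(r"[a-z0-9_-]+")          # characters allowed in a name

def norm_dn(dn):
    """Naive DN normalisation: lowercase, trim spaces (no escaped commas handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def is_allowed(entries, user_dn, app, resource, action):
    """Default deny: allow only if the user is a member of the matching group."""
    # Reject names that could smuggle extra DN components (",", "=") into the lookup.
    if not all(SAFE_NAME.fullmatch(n) for n in (app, resource, action)):
        return False
    group_dn = norm_dn(f"cn={action},ou={resource},ou={app},{PERM_BASE}")
    members = {norm_dn(m) for m in entries.get(group_dn, {}).get("member", [])}
    return norm_dn(user_dn) in members
```

Each application (database, bulletin board, FTP server) would run the equivalent of `is_allowed` against the directory; LDAP ACLs would then only control who may edit the permission groups themselves.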