Hi!
2011/8/11 criderkevin@aol.com:
I need to be able to tell if a user if a member of different apps to allow access. I started by adding custom attributes for each app, boolean and such, and that works fine but somehow just doesn't feel right.
Not sure if it's the best way, but we have added a custom attribute to our users (enabledService). It is a multi-value (string) attribute that apps check to grant access.
dn: uid=nbensa,ou=users,dc=.... enabledService: login enabledService: mail enabledService: ....
Then the application (mail for example) just search "(&(uid=$username)(enabledService=mail))" and if it gets a result, it grants access to the user (if the passwd is right of course :-) )
We also added "accountActive" (TRUE|FALSE) so we can enable or disable access to all services in just one operation.
HTH, Norberto