On Thu, Sep 29, 2011 at 11:46 AM, Buchan Milne bgmilne@staff.telkomsa.net wrote:
On Thursday, 29 September 2011 02:26:07 criderkevin@aol.com wrote:
I'm learning and testing different ways of configuring my LDAP to handle multiple apps. I gave up on groupofnames because I couldn't get searches to pull out the Users in a Group.
Then it seems your applications are brain-dead.
Almost all applications supporting LDAP authentication support LDAP authorization, with multiple models for retrieving group information and memberships. Most of them support all of the following:
1) groupOfNames-type groups
2) posixGroup-type groups
3) members indicated by memberOf attributes
We have applications that even use the position of an element within the DIT for Authorization (e.g. user X is in department Y, or reports to Z). We also use other attributes, like whether the user is external or internal. I mean, just in the regular schemas there are so many attributes! Any of these can be used for Authorization.
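
The three membership models listed in the thread, plus the DIT-position check from the last reply, as an added example that is not part of the original messages. The directory entries, DNs and function names are constructed for illustration, and the filter values are escaped per RFC 4515 so a login name cannot alter the filter.

```python
# Constructed sample directory (not from the thread); all DNs are hypothetical.
USER_DN = "uid=kc,ou=engineering,ou=people,dc=example,dc=com"
ENTRIES = [
    {"dn": USER_DN, "objectClass": ["inetOrgPerson"], "uid": ["kc"],
     "memberOf": ["cn=wiki-admins,ou=groups,dc=example,dc=com"]},
    {"dn": "cn=wiki-users,ou=groups,dc=example,dc=com",
     "objectClass": ["groupOfNames"], "member": [USER_DN]},
    {"dn": "cn=shell,ou=groups,dc=example,dc=com",
     "objectClass": ["posixGroup"], "memberUid": ["kc", "bob"]},
]


def escape_filter(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_filters(user_dn, uid):
    """Filters an application would send for the two group-entry models."""
    return {
        "groupOfNames": "(&(objectClass=groupOfNames)(member=%s))"
                        % escape_filter(user_dn),
        "posixGroup": "(&(objectClass=posixGroup)(memberUid=%s))"
                      % escape_filter(uid),
    }


def authorization_facts(entries, user_dn, uid):
    """Evaluate each model against in-memory entries (exact string matching;
    a real server applies the attribute's matching rule instead)."""
    user = next(e for e in entries if e["dn"] == user_dn)
    return {
        # 1) group entry lists member DNs
        "groupOfNames": [e["dn"] for e in entries
                         if "groupOfNames" in e["objectClass"]
                         and user_dn in e.get("member", [])],
        # 2) group entry lists bare login names
        "posixGroup": [e["dn"] for e in entries
                       if "posixGroup" in e["objectClass"]
                       and uid in e.get("memberUid", [])],
        # 3) user entry carries back-references to its groups
        "memberOf": list(user.get("memberOf", [])),
        # position in the DIT: the ou= RDNs above the user entry
        # (naive comma split; fine for these DNs, which have no escaped commas)
        "dit_position": [rdn.split("=", 1)[1] for rdn in user_dn.split(",")[1:]
                         if rdn.lower().startswith("ou=")],
    }
```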