Hi all,

For a project at work I need to set up an LDAP server and make it possible to authenticate a lot of (yet unwritten) applications.
I have been reading for the past 2 days on the internet about this issue but I have the feeling I do not have enough knowledge to provide a correct setup.

The idea is that there are a few different ou’s holding several users.
These users all hold login-profiles for the applications we are developing right now.
Although this sounds kinda logical, I do not exactly understand how the authentication should take place.

Let's say:
Dn=domain,dn=com
    ou=test
        -user
            name=me
            pass=secret
            --app_1
                 username=appuser
                 password=appSecret
                 ap_related_opt=variable
            --app_2
                 username=app2user
                 password=app2secret
                 other_ap_related_opt=variable
            --app_3
                 username=app3user
                 password=app3secret
                 other_ap_related_opt=variable

          -user /// Next user holding the same structure.

Now I wrote a master_app that should handle the authentication using LDAP.
It received the “me” username with corresponding password and must fetch a list of profiles used for the requested applications (say app_1 and app_2).
I’m still in doubt about the app username and password, as without a matching profile, application access would be denied anyway, so I could store some ACL values too (is that right?)


Am I on the right track here? Any ideas, suggestions, links or examples?

    Thanks for reading!
   Flip Vernooij
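
The flow described in the post (find the user's entry, verify the password by binding as that entry, then read only the profiles stored beneath it), as an added example that is not part of the original post. It simulates the directory in memory instead of calling a real LDAP library; the `dc=`/`uid=`/`cn=` naming, the sample entries and all function names are assumptions.

```python
import hashlib
import hmac
import os

BASE = "dc=domain,dc=com"  # assumed spelling of the post's base DN

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample directory (DN -> attributes), mirroring the tree in the post.
# The per-app password is left out: the presence of a profile is what grants access.
USER_DN = f"uid=me,ou=test,{BASE}"
DIRECTORY = {
    USER_DN: _user("secret"),
    f"cn=app_1,{USER_DN}": {"username": "appuser", "ap_related_opt": "variable"},
    f"cn=app_2,{USER_DN}": {"username": "app2user", "other_ap_related_opt": "variable"},
}

def find_user_dn(uid):
    """Step 1: locate the user's entry (a subtree search on uid in real LDAP)."""
    if not uid.isalnum():
        return None  # reject characters that would need escaping in a search filter
    for dn in DIRECTORY:
        if dn.startswith(f"uid={uid},") and dn.endswith(BASE):
            return dn
    return None

def bind(dn, password):
    """Step 2: the directory verifies the password; the app never reads the hash."""
    entry = DIRECTORY.get(dn)
    if not entry or "hash" not in entry or not password:
        # Many LDAP servers treat a DN with an empty password as an anonymous
        # bind that "succeeds", so an empty password is refused up front.
        return False
    return hmac.compare_digest(entry["hash"], _hash(password, entry["salt"]))

def login(uid, password, requested_apps):
    """Return {app: profile or None}; None means no profile, so access is denied."""
    dn = find_user_dn(uid)
    if dn is None or not bind(dn, password):
        return None  # authentication failed: no profile data is disclosed
    # Step 3: one-level lookup directly under the authenticated user's entry.
    return {app: DIRECTORY.get(f"cn={app},{dn}") for app in requested_apps}
```
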