2017-05-26 11:18 GMT+02:00 Dieter Klünter dieter@dkluenter.de:
On Tue, 23 May 2017 17:16:22 +0000, Roelof Wobben rwobben@hotmail.com wrote:
Hello,
My boss wants to run everything from a server.
But he also wants me to make sure that some of the software is only used by some people. So the CAD software is only used by the drawers and not by the financial people.
Can I do this with OpenLDAP or, if it cannot be done, which software can I best use then?
In fact, that depends on the software in question. If the software, or some controlling tool, is able to require authentication and authorization via LDAP, you may go ahead.
Indeed. A lot of applications are able to use an LDAP directory for authentication, but fewer are able to use it for authorization. Authorization often relies on groups present in the LDAP directory.
If you have an application that is able to use an LDAP filter for authentication, then you can use the memberOf overlay in OpenLDAP and use the memberOf value in the LDAP filter to restrict access to this group.
Now, if you have some time to investigate, you should take a look at WebSSO and Access Management software. A lot of it is Free Software and works great with OpenLDAP.
Personally I am a developer of LemonLDAP::NG, so I could do nothing else than recommend this software. But there are a lot more, like Gluu, WSO2, CAS, Shibboleth, simpleSAMLphp... You need to try them to find the one that fits your needs.
Clément.
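
The memberOf approach from the reply above, sketched as an added example that is not part of the original messages. It assumes a cn=config setup with the data in `olcDatabase={1}mdb`, the suffix `dc=example,dc=com`, and a hypothetical group `cad-users` with a hypothetical user `alice`; the `%s` placeholder in the filter stands for whatever login-name substitution the application uses.

```ldif
# Part 1: apply to cn=config as the config administrator.
# Load the memberof module (skip if it is compiled into slapd).
# Assumption: the module list entry is cn=module{0},cn=config.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof

# Attach the overlay to the database that holds users and groups.
# Assumption: that database is {1}mdb.
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
# Keep memberOf consistent when a group is renamed or deleted.
olcMemberOfRefInt: TRUE

# Part 2: apply to the data tree as a directory administrator.
# One group per application; only its members may use the CAD software.
# Constructed sample DNs. The overlay fills memberOf only for group
# changes made after it is loaded, so groups that already exist must
# have their members re-added.
dn: cn=cad-users,ou=groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: cad-users
member: uid=alice,ou=people,dc=example,dc=com

# Part 3: authentication filter to configure in the CAD application.
# A user outside the group matches nothing, so the login is refused
# before any password check:
#
#   (&(uid=%s)(memberOf=cn=cad-users,ou=groups,dc=example,dc=com))
#
# memberOf is an operational attribute: a search returns it only when
# it is requested by name (or with "+"), although filters can match it.
```

The application's own bind account needs read access to `memberOf` on user entries, otherwise the filter silently matches nobody.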