Hello the list,
I have to use LDAP to define access permissions for many third parties
So, I wonder what is the best way to organize my LDAP tree. I see two
- Set an LDAP group for each access level of each application, and create
users that belong to those groups.
| | |__user1
| | |__user2
| | |__user3
| | |__user4
The problem with this solution is that I have to set a lot of groups, so
my LDAP tree would become very complex to administrate.
- Another way would be to define my own LDAP classes, with an attribute
for each application that defines the access level (guest, user, admin, etc).
The problem with this solution is that I'm no longer in the standard
LDAP schema, and lose interoperability with standard LDAP clients.
What is the best way to set that? Is there another possibility than
the two I mentioned before?
Thank you!