Hello folks.

I am currently coding the LDAP-based policy plugin and I want to discuss some things with you to give me some ideas. This is a short introduction to my plugin's functionality: whenever a user tries to read/write to a schema, the plugin will search the LDAP database for the user and the schema. Depending on the users' and schemas' attributes, the ldap-policy plugin will decide if access should be granted or denied to the user.

The problem is that I am having a "hard" time deciding the arrangement of users and schemas in the LDAP database. The first idea that came to mind is that users should be in the directory cn=RANDOM_USER,ou=users,dc=BASE_DN. Users have the posixAccount objectclass, so they must define their uidNumber and gidNumber. Schemas are in cn=RANDOM_SCHEMA,ou=schemas,dc=BASE_DN and they have attributes like allowedUsers and allowedGroups (I have already created those attributes because I couldn't find anything else to use; feel free to msg me if you have any better solution). So after getting these attributes I compare them and decide if the user is authorized.

Idea number 2 was that users are in the directory cn=RAND_USER,ou=RAND_GROUP,dc=BASE_DN. For schemas it is the same.

I really can't decide which one I should pick. I would like to hear (actually read) your opinion. Also feel free to suggest your own better idea.

Zisis

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : drizzle-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp
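To make the first arrangement concrete, here is an added worked example (my own code, not the Drizzle plugin's): a minimal LDIF parser loads a constructed directory laid out as cn=USER,ou=users,BASE_DN and cn=SCHEMA,ou=schemas,BASE_DN, and a default-deny check compares the user's uid and gidNumber against the schema's allowedUsers and allowedGroups attributes as the post describes. The base DN dc=example, the sample users/schemas, and the "uid matched against allowedUsers, gidNumber matched against allowedGroups" interpretation are all assumptions.

```python
"""Added example of the ldap-policy decision described in the post.
The directory below is constructed LDIF; allowedUsers / allowedGroups are the
poster's custom attributes. BASE_DN is assumed to be dc=example."""

from typing import Dict, List

Entry = Dict[str, List[str]]

# Constructed sample directory (layout 1 from the post).
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,dc=example
objectClass: posixAccount
cn: alice
uid: alice
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/alice

dn: cn=bob,ou=users,dc=example
objectClass: posixAccount
cn: bob
uid: bob
uidNumber: 1002
gidNumber: 600
homeDirectory: /home/bob

dn: cn=sales,ou=schemas,dc=example
cn: sales
allowedUsers: alice
allowedGroups: 600

dn: cn=hr,ou=schemas,dc=example
cn: hr
allowedGroups: 500
"""


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Minimal LDIF reader: entries separated by blank lines, one 'attr: value'
    per line, multi-valued attributes collected into lists. Base64 ('::') values
    and line continuations are deliberately not supported here."""
    directory: Dict[str, Entry] = {}
    entry: Entry = {}
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last entry
        line = raw.rstrip()
        if not line:
            if entry:
                directory[entry["dn"][0]] = entry
                entry = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return directory


def lookup(directory: Dict[str, Entry], ou: str, cn: str, base_dn: str = "dc=example"):
    """Build the DN the plugin would search for and fetch that entry (None if absent)."""
    return directory.get(f"cn={cn},ou={ou},{base_dn}")


def is_authorized(directory: Dict[str, Entry], user_cn: str, schema_cn: str,
                  base_dn: str = "dc=example") -> bool:
    """Default-deny policy decision: grant only when the user's uid appears in the
    schema's allowedUsers or the user's gidNumber appears in allowedGroups.
    An unknown user or unknown schema is denied rather than treated as unrestricted."""
    user = lookup(directory, "users", user_cn, base_dn)
    schema = lookup(directory, "schemas", schema_cn, base_dn)
    if user is None or schema is None:
        return False
    uids = set(user.get("uid", []))
    gids = set(user.get("gidNumber", []))
    if uids & set(schema.get("allowedUsers", [])):
        return True
    if gids & set(schema.get("allowedGroups", [])):
        return True
    return False


if __name__ == "__main__":
    d = parse_ldif(SAMPLE_LDIF)
    for user, schema in [("alice", "sales"), ("bob", "sales"), ("bob", "hr"), ("mallory", "hr")]:
        print(f"{user:8} -> {schema:6}: {'ALLOW' if is_authorized(d, user, schema) else 'DENY'}")
```

Two design points worth noting against the post: the decision is deny-by-default, so a schema with no allowedUsers/allowedGroups attributes, or a user the search does not find, yields DENY rather than falling through to ALLOW; and matching on gidNumber only covers the user's primary group, so if secondary group membership (posixGroup memberUid) is meant to grant access, the check needs an extra group lookup rather than relying on the user entry alone.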
