Hi! 2011/8/11 <[email protected]>: > I need to be able to tell if a user if a member of different apps to allow > access. I started by adding custom attributes for each app, boolean and > such, and that works fine but somehow just doesn't feel right.
Not sure if it's the best way, but we have added a custom attribute to our users (enabledService). It is a multi-value (string) attribute that apps check to grant access. dn: uid=nbensa,ou=users,dc=.... enabledService: login enabledService: mail enabledService: .... Then the application (mail for example) just search "(&(uid=$username)(enabledService=mail))" and if it gets a result, it grants access to the user (if the passwd is right of course :-) ) We also added "accountActive" (TRUE|FALSE) so we can enable or disable access to all services in just one operation. HTH, Norberto
