You would need something as an LDAP web service. I guess one could create it with web2py.
On Mar 21, 1:17 am, Martin Weissenboeck <mweis...@gmail.com> wrote: > Is it possible to use LDAP together with the Goole App Engine? > > 2011/3/21 Martin Weissenboeck <mweis...@gmail.com> > > > > > > > > > Thank you for this hint. > > I do not have any experience with LDAP but of course it would be an > > interesting callenge to learn more. > > > 2011/3/21 Joe Barnhart <joe.barnh...@gmail.com> > > >> Isn't this a perfect example of a place to use web2py with LDAP? > > >> -- Joe > > >> On Mar 20, 5:22 am, Martin Weissenboeck <mweis...@gmail.com> wrote: > >> > Hi everybody, > >> > I have the following problem: I need some kind of hierarchical > >> > authorization. > > >> > This is a simplified model: > >> > Company C001...C500 > >> > Departement D01...D15 > >> > Group G01...G40 > >> > Person P01...P30 > > >> > Not every company has 15 departements, not every departement has 40 > >> groups > >> > and so on, but the whole program should work with up 200.000 persons. > > >> > Now some authorizations: > > >> > - Every person is allowed to change most of (but not all) of his > >> personal > >> > data. > >> > - Some persons are allowed to change some data of the members of a > >> > specified group or some groups or a departement. > >> > - Some persons are allowed to send messages single persons or to the > >> > members of a group or some groups or a departement or a company. > >> > - Some persons are allowed to change all data of the members of a > >> group > >> > or some groups or a departement or a company. > >> > - Some persons are allowed to do everything (including impersonate) > >> with > >> > all data of the members of a whole departement or company. > >> > - ... and so on ... > > >> > One person could be identified by a string field like > >> "C003:D03:G12:P15". > > >> > I think I could use the authorization and the decoration of web2py to > >> allow > >> > one person to modify data or to send messages. > > >> > - But how could I use the authorization e.g. to modify only some > >> data? > >> > - And if somebody is allowed to change some data he should only see > >> these > >> > persons he is allowed to make modifications. > > >> > A sql-statement "where ident like 'C003:D03:G12:%" could do the job. > > >> > - But would it be fast enough for 200.000 persons? > >> > - Is there any way to use theauthentization mechanism for this > >> problem? > > >> > Regards Martin