
using ldap to implement company ACL?



Heya all..
 
I'm very new to ldap and I'm basically trying to scope out if it's the best tool for what I need at the moment.
 
I'm designing a simple ACL system for the small company I work for (less than 100 staff) to control access to our internal tools, at the moment all web based, but may not be in the future.
 
The basic elements of the ACL will be
 
staff-member
group
rights
 
Each group will have rights associated with it.
Each staff member can be a member of multiple groups, as well as have a list of individual rights.
 
With this in place any software wanting to check if a staff-member should have access to a given feature can either check if the user is in a certain group, or more likely if the user has a certain right (or is in a group that is associated with that right).
 
At this point I've got a pretty limited understanding of ldap (haven't had a chance to really get into it yet) so I'm not sure if this is something ldap will do well?
 
My initial thoughts on how to do this were to create a rights and group schema, and add a rights field (not sure if that's the correct term) to person, where the rights field could hold multiple rights.
Group would also have a rights field, again holding multiple rights and a members field, holding multiple people.
 
I would be very thankful for any comments or suggestions on how best to approach this.
 
Regards,
Matthew.
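
The check described in the post (a right held directly, or through any group the person is a member of), as an added example that is not part of the original message. The attribute name `companyRight`, the DNs and the LDIF entries are hypothetical, constructed for illustration; only `member` is a standard group attribute.

```python
from collections import defaultdict

RIGHT_ATTR = "companyright"  # hypothetical multi-valued attribute, lowercased

# Constructed sample directory: rights on a person and on a group entry.
LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
companyRight: wiki.edit

dn: uid=bob,ou=people,dc=example,dc=com
cn: Bob

dn: cn=finance,ou=groups,dc=example,dc=com
member: UID=Bob, OU=People,DC=example,DC=com
companyRight: invoices.read
companyRight: invoices.approve
"""

def norm_dn(dn):
    # Simplified DN comparison: case-insensitive, ignores spaces around commas.
    # Does not handle escaped commas or other RFC 4514 escaping.
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    # Minimal parser for the sample above: no line folding, no base64 values.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def effective_rights(entries, user_dn):
    user = norm_dn(user_dn)
    if user not in entries:
        return set()  # unknown user: no rights (default deny)
    rights = set(entries[user].get(RIGHT_ATTR, []))  # individual rights
    for attrs in entries.values():
        members = {norm_dn(m) for m in attrs.get("member", [])}
        if user in members:  # rights inherited from each group
            rights.update(attrs.get(RIGHT_ATTR, []))
    return rights

def has_right(entries, user_dn, right):
    return right in effective_rights(entries, user_dn)

ENTRIES = parse_ldif(LDIF)
```
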