Heya all..

I'm very new to ldap and I'm basically trying to scope out if it's the best tool for what I need at the moment.

I'm designing a simple ACL system for the small company I work for (less than 100 staff) to control access to our internal tools, at the moment all web based, but may not be in the future.

The basic elements of the ACL will be

staff-member
group
rights

Each group will have rights associated with it.

Each staff member can be a member of multiple groups, as well as have a list of individual rights.

With this in place, any software wanting to check if a staff-member should have access to a given feature can either check if the user is in a certain group, or more likely if the user has a certain right (or is in a group that is associated with that right).

At this point I've got a pretty limited understanding of ldap (haven't had a chance to really get into it yet) so I'm not sure if this is something ldap will do well?

My initial thoughts on how to do this were to create a rights and group schema, and add a rights field (not sure if that's the correct term) to person, where the rights field could hold multiple rights.

group would also have a rights field, again holding multiple rights, and a members field, holding multiple people.

I would be very thankful for any comments or suggestions on how best to approach this.

Regards,
Matthew.