
Single Sign-On model and LDAP Structure



Hi.

I'm building a single sign-on server. However, I have some doubts about the
LDAP structure.

I need to create an LDAP structure to hold users and applications access
control.
An application has a set of valid permissions like "INSERT $ TABLE_X". An
application has also a defined group of permissions. Each group can have one
or more permissions that were defined for that application.
A user can belong at most to one group for each application.

Following there's the structure I'm thinking about.
I've not created the LDIF file yet because I'm still working on the model.

+ example.com
  + Users
    + Canada
      - User 1     {holds the user info and password}
      - User 2     
    + US
      - User 3
      - User 4
  + Applications
    + Application 1
      - Existing Permissions {holds a list of valid permissions}
      + Groups
        - Group 1            {holds a list of permissions defined in "Existing Permissions"}
        - Group 2

In order for this to work, I might need to create new objectClasses. I'm not
quite sure.
What do you think about this structure? Do you see problems in this
approach?

And one important final question: IS THERE ALREADY A STANDARD TO CREATE THIS
MODEL I'M WORKING ON?

------------
Thxs,
Flavio Alves
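As an added example (not part of the original post), the proposed tree can be rendered in LDIF using only standard object classes (organizationalUnit, inetOrgPerson, groupOfNames), with the "at most one group per application" rule checked before the entries are loaded. Storing each permission as a multi-valued description on the group is an assumption made here; a dedicated attribute type would need its own schema, as the post anticipates. The sample users, groups and permissions are constructed.

```python
"""Model the proposed DIT with standard object classes and check its invariants.

Added example, not from the original post. Users are inetOrgPerson entries under
ou=<country>,ou=Users; each application gets ou=Groups holding groupOfNames
entries whose 'member' values are user DNs. Permissions live in multi-valued
'description' attributes on the group (an assumption; a custom attribute type
would need its own schema definition).
"""
BASE = "dc=example,dc=com"

# Constructed sample data: the "Existing Permissions" per application, then the
# groups as (permissions, members), members given as "uid:country".
EXISTING_PERMISSIONS = {"Application 1": {"INSERT $ TABLE_X", "SELECT $ TABLE_X"}}
GROUPS = {
    ("Application 1", "Group 1"): (["INSERT $ TABLE_X"], ["user1:Canada", "user3:US"]),
    ("Application 1", "Group 2"): (["SELECT $ TABLE_X"], ["user2:Canada", "user3:US"]),
}

def user_dn(uid, country):
    return f"uid={uid},ou={country},ou=Users,{BASE}"

def group_dn(app, group):
    return f"cn={group},ou=Groups,ou={app},ou=Applications,{BASE}"

def group_entry(app, group, permissions, members):
    """Render one group as LDIF, rejecting permissions the application never defined."""
    unknown = set(permissions) - EXISTING_PERMISSIONS.get(app, set())
    if unknown:
        raise ValueError(f"{app}/{group}: undefined permissions {sorted(unknown)}")
    lines = [f"dn: {group_dn(app, group)}", "objectClass: groupOfNames", f"cn: {group}"]
    lines += [f"description: {p}" for p in permissions]
    lines += [f"member: {user_dn(*m.split(':'))}" for m in members]
    return "\n".join(lines) + "\n"

def one_group_per_application(groups):
    """Return {(user_dn, app): [group names]} for every user placed in more than
    one group of the same application, i.e. each violation of the stated rule."""
    seen = {}
    for (app, group), (_, members) in groups.items():
        for m in members:
            seen.setdefault((user_dn(*m.split(":")), app), []).append(group)
    return {key: names for key, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for (app, group), (perms, members) in GROUPS.items():
        print(group_entry(app, group, perms, members))
    for (dn, app), names in one_group_per_application(GROUPS).items():
        print(f"VIOLATION: {dn} is in {names} for {app}")
```

Running it prints the two group entries and flags user3, who is in both groups of Application 1.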