
using openldap for storing application and project information



Hey,

Has anyone used directory services for storing application information, like 
application roles? Roles are like normal_user, customer_admin, project_admin 
and admin.

I'm building a document management system, and all users are stored in openldap. 
In the future, we will have many little applications, and each of them has 
different user roles. So I have thought that it would be a good idea to store 
all this information in one place, so it could be easily distributed and 
coupled to user management.

LDAP tree might look something like this:
-root				(dcObject)
  -appsRoles		(organizationUnit)
      -apps1		(organizationUnit)
         *role1		(posixGroup)
         *role2		(posixGroup)
      -apps2
         *role1
         *role2
  -projects			(organizationUnit)
      *proj1			(organizationUnit)
      *proj2
  -organizations		(organizationUnit)
      -org1			(organization)
         *user1		(posixUser)
         *user2
      -org2
         *user3
         *user4
  -appsRoot		(organizationUnit)
      -apps1		(organizationUnit)
         -proj1		(organizationUnit)
            *role1		(posixGroup)
                +user1
                +user2
                +user3
         -proj2
            *role2
                +user3
      -apps2
         -proj2
            *role1
                +user1
            *role2
                +user3

Because the tree is hierarchical, it could be easy to find users who are allowed 
to use app1 and so on. How does this look?

Regards,
	Tero
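
The subtree lookup described in the message, as an added example that is not part of the original post: it models the appsRoot branch in memory and emulates a scope=sub search for posixGroup entries, plus a role check scoped to one application and project. The suffix dc=example,dc=com, the cn=/ou= naming and the function names are assumptions; memberUid is the standard posixGroup member attribute.

```python
# Constructed sample data: the appsRoot branch from the post, keyed by DN.
# The suffix dc=example,dc=com and the cn=/ou= naming are assumptions.
BASE = "ou=appsRoot,dc=example,dc=com"


def group(role, proj, app, members):
    """Build one (DN, entry) pair for a role group under app/project."""
    dn = f"cn={role},ou={proj},ou={app},{BASE}"
    return dn, {"objectClass": "posixGroup", "cn": role,
                "memberUid": set(members)}


DIT = dict([
    group("role1", "proj1", "apps1", ["user1", "user2", "user3"]),
    group("role2", "proj2", "apps1", ["user3"]),
    group("role1", "proj2", "apps2", ["user1"]),
    group("role2", "proj2", "apps2", ["user3"]),
])


def rdns(dn):
    # Naive split: sufficient here because these DNs contain no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]


def subtree_groups(base_dn):
    """Emulate an LDAP search: scope=sub, filter (objectClass=posixGroup)."""
    base = rdns(base_dn)
    return {dn: e for dn, e in DIT.items()
            if rdns(dn)[-len(base):] == base
            and e["objectClass"] == "posixGroup"}


def users_of_app(app):
    """Everyone holding any role in any project of the application."""
    found = subtree_groups(f"ou={app},{BASE}")
    return set().union(*(e["memberUid"] for e in found.values()))


def has_role(user, app, proj, role):
    """Role check scoped to one app and project; a missing entry means deny."""
    entry = DIT.get(f"cn={role},ou={proj},ou={app},{BASE}")
    return entry is not None and user in entry["memberUid"]


if __name__ == "__main__":
    print(sorted(users_of_app("apps1")))
    print(has_role("user1", "apps1", "proj1", "role1"))
    print(has_role("user1", "apps1", "proj2", "role1"))
```

Because the same role name (role1, role2) recurs under several applications and projects, the check resolves the full DN rather than matching on the group's cn alone.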