
Re: using openldap for storing application and project information



This topic should be moved to a general LDAP forum,
such as <ldap@umich.edu>.  There is nothing OpenLDAP-specific
about this topic.

At 04:00 AM 6/8/2004, Valokari Tero wrote:
>Hey,
>
>Has anyone used directory services for storing application information, like 
>application roles? Roles are like normal_user, customer_admin, project_admin 
>and admin.
>
>I'm building a document management system, and all users are stored in OpenLDAP.
>In the future, we will have many little applications, and each of them has
>different user roles. So I thought that it would be a good idea to store
>all this information in one place, so it could be easily distributed and
>coupled to user management.
>
>LDAP tree might look something like this:
>-root                        (dcObject)
>  -appsRoles                 (organizationUnit)
>      -apps1                 (organizationUnit)
>         *role1              (posixGroup)
>         *role2              (posixGroup)
>      -apps2
>         *role1
>         *role2
>  -projects                  (organizationUnit)
>      *proj1                 (organizationUnit)
>      *proj2
>  -organizations             (organizationUnit)
>      -org1                  (organization)
>         *user1              (posixUser)
>         *user2
>      -org2
>         *user3
>         *user4
>  -appsRoot                  (organizationUnit)
>      -apps1                 (organizationUnit)
>         -proj1              (organizationUnit)
>            *role1           (posixGroup)
>                +user1
>                +user2
>                +user3
>         -proj2
>            *role2
>                +user3
>      -apps2
>         -proj2
>            *role1
>                +user1
>            *role2
>                +user3
>
>Because the tree is hierarchical, it could be easy to find users who are allowed
>to use app1 and so on. How does this look?
>
>Regards,
>        Tero
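
The lookup described in the quoted post ("find users who are allowed to use app1"), as an added example that is not part of the original thread. It models only the appsRoot branch in memory; the suffix dc=example,dc=com, the per-group member lists and all helper names are assumptions. Because role1 and role2 repeat under both apps1 and apps2, the search base has to be the application (or project) subtree, not the role name alone.

```python
# Constructed sample data: the appsRoot branch of the tree sketched in the post.
# The suffix dc=example,dc=com and the member lists per group are assumptions.
BASE = "ou=appsRoot,dc=example,dc=com"
ENTRIES = {
    f"cn=role1,ou=proj1,ou=apps1,{BASE}": ["user1", "user2", "user3"],
    f"cn=role2,ou=proj2,ou=apps1,{BASE}": ["user3"],
    f"cn=role1,ou=proj2,ou=apps2,{BASE}": ["user1"],
    f"cn=role2,ou=proj2,ou=apps2,{BASE}": ["user3"],
}


def parse_dn(dn):
    """Split a DN into (attribute, value) RDN pairs, leftmost first.
    Simplified: assumes no escaped commas or multi-valued RDNs."""
    return [tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(",")]


def in_subtree(dn, base):
    """True if dn is at or below base, compared RDN by RDN (not by raw string)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def search_groups(base, cn=None, member=None):
    """Subtree search for group entries under base, optionally filtered."""
    hits = []
    for dn, members in ENTRIES.items():
        if not in_subtree(dn, base):
            continue
        if cn is not None and parse_dn(dn)[0] != ("cn", cn.lower()):
            continue
        if member is not None and member not in members:
            continue
        hits.append(dn)
    return sorted(hits)


def users_of_app(app):
    """Everyone holding any role in any project of one application."""
    dns = search_groups(f"ou={app},{BASE}")
    return sorted({u for dn in dns for u in ENTRIES[dn]})


def roles_of(user, app, project):
    """Role names a user holds for one (application, project) pair."""
    dns = search_groups(f"ou={project},ou={app},{BASE}", member=user)
    return [parse_dn(dn)[0][1] for dn in dns]
```

Searching the whole branch for cn=role1 returns two distinct groups, one per application, so an authorization check keyed on the role name without a scoped base would mix the two applications' members.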