[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: creating user groups with OpenLDAP the Active Directory way



your question is a bit off topic from what this list prescribes, but as
an answer:  you can customize your schema in openldap to store user
group membership attributes inside the user objects.

As to how you can modify the schema.. check out this site
http://www.openldap.org/doc/admin22/schema.html

And as for group information .. mgettes formerly at duke wrote this:
http://www.duke.edu/~gettes/giia/ldap-recipe/#Groups

good luck.


Jonathan Higgins
IT R&D Project Manager
Kennesaw State University
jhiggins@kennesaw.edu

>>> "Pieter" <pieter.v@gmx.net> 03/08/05 3:26 PM >>>
Hello,

I have been looking in the archives for a solution to this but didn't
find anything up to now.

My setup:
Debian Linux with slapd 2.1.30-3
phpBB 2.0.13 (a web forum) with ldap Auth mod 1.1.8
Typo3 (a content management system) with LDAP plugins

I'd like to authenticate users for both phpBB and Typo3 from a central
OpenLDAP based database.  The LDAP add-ons for phpBB and Typo3 were
primarily written by users with Active Directory knowledge.

Active Directory seems to handle users in groups like this: a record of
a person contains an objectclass (memberof) that can hold several group
records.

In contrast with this, my OpenLDAP database only allows a separate group
record (with the objectclass "groupOfNames") in the database that holds
a list of persons that belong to the group.

This is the order way around and each method will have it's own
advantages and disadvantages.  Problem is that both phpBB and Typo3 are
written for the Active Directory way of doing things.
Is it possible to get OpenLDAP to work that way?


Pieter

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.7.0 - Release Date: 8/03/2005