Re: Fine Grained Permission System

To: Diego Lima <lists@diegolima.org>

Subject: Re: Fine Grained Permission System

From: AdaXi <adaxidownloads@gmail.com>

Date: Tue, 5 Oct 2010 08:35:15 +0200

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=BtI3YjSIk0e9upuVDzUOR+xxkIRjVpfci/lFPTIHbtY=; b=O6Ofc0Z2Sb56N+b1C2BQXx46P+eUgO65vJ0ITp+dwXWtX1DphwoKs7llVAB8VoaKaF CiZ4chel7vURFcUsDA5lhFg92ww08YNiSk9CObqtVlEuVloZ8NiMpHeuf0I6mIhCgfJV +QQz++da5N3pARXMDlYb0zbeOGmMhEAuxJoWg=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=rQR3Dr9bvA2kEzIOofdtSIpmrkqOp970oURUPbyt4SE2rVZZM4vIMQ7jYMem+AwnE0 cZ+VGo9OaQcZZAUJ+sYRJY/hBW1XTFGwLkVK/ej4XALXkweUKBtWjDe2D5qekYHaCmd9 52lX9scv0wFOpEf5759EsR/ieItvNGAXuwxvo=

In-reply-to: <AANLkTin9dGmkdVJVuCesGYwW8h8=4sEMUU0YFdH+=CkV@mail.gmail.com>

References: <AANLkTikkJSdCTmr4rS7xbej-sCONSpFiBuOWXfnWF7i7@mail.gmail.com> <AANLkTin9dGmkdVJVuCesGYwW8h8=4sEMUU0YFdH+=CkV@mail.gmail.com>

2010/10/4 Diego Lima <lists@diegolima.org>

Hi AdaXi,

While ldap is widely used as a means to achieve central
authentication, controlling access using LDAP is highly dependent on
the application you're using. The LDAP server itself does not care for
access controls or levels, and only stores information that will be
used by other applications. If the applications support using some
ldap attribute to restrict access or offer some sort of schema that
they'll use, then you can probably do that using only LDAP. LDAP
itself has Access Control Lists, but I don't think they'll do what you
are expecting, as they only control access to attributes held in the
server itself.

Otherwise you'll be stuck by managing the applications individually
using their own built-in configuration methods.

2010/10/4 AdaXi <adaxidownloads@gmail.com>:

> Hi everyone, I am kind of a newbie in OpenLDAP and LDAP in general, and I
> really need your help, I have been looking for a fine grained permission
> system to a project that I am in now, but could not find anything that
> satifies me.
>
> I have multiple applications that will authenticate using LDAP, but I also
> want to control user access in each application. I want to be able to allow
> specific acces to an element in one application.
>
> Examples :
>
> For database, I would like to assign read permissions to one or more
> database for one user.
> For a bulletin board, users can only post in some specifec boards.
> For a FTP server, users can only access specific directories.
>
>
> In first place is it realistic ?
> Do you know a way to do this only with LDAP ? (if yes, could you show me a
> manual or guide)
> Do you know some piece of software that could help me ?
>
> Thanks in advance,
>
> AdaXi
>
>
>

--
Diego Lima

References:

Fine Grained Permission System
- From: AdaXi <adaxidownloads@gmail.com>
Re: Fine Grained Permission System
- From: Diego Lima <lists@diegolima.org>