[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Group Members
Hi!
2011/8/11 <criderkevin@aol.com>:
> I need to be able to tell if a user if a member of different apps to allow
> access. I started by adding custom attributes for each app, boolean and
> such, and that works fine but somehow just doesn't feel right.
Not sure if it's the best way, but we have added a custom attribute to
our users (enabledService). It is a multi-value (string) attribute
that apps check to grant access.
dn: uid=nbensa,ou=users,dc=....
enabledService: login
enabledService: mail
enabledService: ....
Then the application (mail for example) just search
"(&(uid=$username)(enabledService=mail))" and if it gets a result, it
grants access to the user (if the passwd is right of course :-) )
We also added "accountActive" (TRUE|FALSE) so we can enable or disable
access to all services in just one operation.
HTH,
Norberto